|
Description
|
|
Multiple vulnerabilities were identified in WebCalendar, which could be exploited by malicious users to perform SQL injection and HTTP response splitting attacks.
The first flaw is due to input validation errors in the "edit_report_handler.php" and "activity_log.php" scripts when processing specially crafted "startid" and "time_range" parameters, which may be exploited by malicious users to conduct SQL injection attacks.
The second issue is due to an input validation error in the "layers_toggle.php" script when handling a specially crafted "ret" variable, which may be exploited by malicious users to conduct HTTP response splitting attacks.
|
