Description
Multiple vulnerabilities were identified in WebCalendar, which could be exploited by malicious users to conduct SQL injection attacks or overwrite arbitrary files.
The first flaw is due to input validation errors in the "activity_log.php", "admin_handler.php", "edit_template.php" and "export_handler.php" scripts that do not properly validate certain parameters, which may be exploited by malicious users to conduct SQL injection attacks.
The second issue is due to an input validation error in the "export_handler.php" file that does not properly validate the "id" and "format" parameters, which could be exploited by remote attackers to overwrite arbitrary files via HTTP POST requests.
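The kind of validation both flaws call for, as an added example that is not WebCalendar's own code or its fix: "id" is accepted only as a plain integer and then bound into the query, and "format" only if it matches an allowlist, so neither value can shape SQL text or a file path. The format names, table name and export directory are assumptions.

```php
<?php
// Added example (not WebCalendar code). Assumed: format names, table name, export directory.
const ALLOWED_FORMATS = ['ical', 'vcal', 'csv'];
const EXPORT_DIR = '/var/lib/app/exports';

function validate_export_params(array $post): array
{
    // "id" must be a plain positive decimal integer that fits a 32-bit int.
    $id = $post['id'] ?? '';
    if (!is_string($id) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $id)) {
        throw new InvalidArgumentException('invalid id');
    }
    // "format" must equal an allowlisted value exactly (strict comparison).
    $format = $post['format'] ?? '';
    if (!is_string($format) || !in_array($format, ALLOWED_FORMATS, true)) {
        throw new InvalidArgumentException('invalid format');
    }
    return [(int) $id, $format];
}

function export_path(int $id, string $format): string
{
    // Built only from validated values: no separators or dots from the request.
    return EXPORT_DIR . '/' . sprintf('export-%d.%s', $id, $format);
}

function load_entry(PDO $db, int $id): ?array
{
    // Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT * FROM entries WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample requests: the first is accepted, the other two are rejected.
$samples = [
    ['id' => '42', 'format' => 'ical'],
    ['id' => '42 OR 1=1', 'format' => 'ical'],
    ['id' => '42', 'format' => '../../config.php'],
];
foreach ($samples as $post) {
    try {
        [$id, $format] = validate_export_params($post);
        echo 'accept: ', export_path($id, $format), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'reject: ', $e->getMessage(), "\n";
    }
}
```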