CVE-2004-1509
Description
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WebCalendar validate.php reveals full path in error message when given an invalid encoded_login parameter.
Vulnerability
validate.php in WebCalendar contains a vulnerability where an invalid encoded_login parameter triggers an error message that discloses the full installation path of the application. This path disclosure can occur without authentication. The affected versions include WebCalendar 1.0.x and possibly earlier or later versions.
Exploitation
An attacker can exploit this by sending an HTTP request to the vulnerable validate.php script with a crafted encoded_login parameter that is not properly handled, causing PHP to generate an error that includes the full file system path. No authentication or special privileges are required.
Impact
Successful exploitation reveals the full directory path of the WebCalendar installation. An attacker can use this information to plan further attacks that depend on knowing server-side paths, such as file inclusion or the exploitation of local file inclusion vulnerabilities.
Mitigation
No official patch is mentioned in the available references. Users should consider upgrading to a version of WebCalendar that has addressed this issue, or as a workaround, disable or restrict access to validate.php if it is not required. Input validation on the encoded_login parameter should also be implemented.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
- www.securityfocus.com/bid/11651 (nvd, Exploit)
- secunia.com/advisories/13164 (nvd, Vendor Advisory)
- marc.info (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/18029 (nvd)