VID |
21823 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
According to its version number, the installed phpScheduleIt has a security bypass vulnerability in reservation.class.php. phpScheduleIt is an open-source Web-based reservation and scheduling system written in PHP. Versions prior to 1.0.1 could allow an attacker to bypass certain security restrictions because of an unspecified vulnerability in the reservation.class.php script. An attacker could exploit this vulnerability to modify or delete reservations.
* Note: This check relies solely on the version number of phpScheduleIt installed on the remote Web server to assess this vulnerability.
* References:
  http://sourceforge.net/tracker/index.php?func=detail&aid=1051841&group_id=95547&atid=611778
  http://secunia.com/advisories/13206
  http://securitytracker.com/alerts/2004/Nov/1012246.html
* Platforms Affected: BrickHost, phpScheduleIt versions prior to 1.0.1; Any operating system, Any version |
Recommendation |
Upgrade to the latest version of phpScheduleIt (1.0.1 or later), available from the phpScheduleIt Web site at http://www.php.brickhost.com/ |
Related URL |
CVE-2004-2469 (CVE) |
Related URL |
11690 (SecurityFocus) |
Related URL |
18089 (ISS) |
|