The calendar module in phpWebSite 0.9.x and previous versions allows remote malicious users to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpwebsite phpwebsite |