craigk5n / webcalendar

WebCalendar is a PHP application used to maintain a calendar for a single user or an intranet group of users. It can also be configured as an event calendar.
http://www.k5n.us/webcalendar.php
GNU General Public License v2.0

Question about two vulnerabilities in WebCalendar v1.2.7 #382

Open fgeek opened 11 months ago

fgeek commented 11 months ago

Hello,

Can you tell me in which version these vulnerabilities have been fixed? Thanks.

http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt
http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt

I am adding detection for these to the https://github.com/fgeek/pyfiscan security scanner (works locally).

craigk5n commented 10 months ago

The second one is fixed as of v1.9.8. Not sure on the first one.