CVE-2007-0690

Name of the Vulnerable Software and Affected Versions myEvent version 1.6

Description The issue allows remote attackers to obtain sensitive information. This can be achieved through a Log In action without a password to the "login.php" endpoint, or by providing an invalid view[] or monthno[] parameter to the "myevent.php" endpoint. The vulnerability reveals the path in various error messages.

Recommendations For myEvent version 1.6, consider restricting access to the "login.php" and "myevent.php" endpoints until a fix is available. As a temporary workaround, avoid using the view[] and monthno[] parameters in the "myevent.php" endpoint to minimize the risk of exploitation.