CVE-2007-3258

Name of the Vulnerable Software and Affected Versions Calendarix version 0.7.20070307

Description The issue allows remote attackers to obtain sensitive information by providing large values to the year and month parameters in calendar.php. This causes negative values to be passed to the mktime library call, resulting in the revelation of the installation path in the error message.

Recommendations For Calendarix version 0.7.20070307, consider validating and sanitizing the year and month parameters to prevent large values from being passed to the mktime library call. As a temporary workaround, restrict access to the calendar.php file to minimize the risk of exploitation.