CVE-2008-5062

Name of the Vulnerable Software and Affected Versions Mini Web Calendar (mwcal) version 1.2

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the php/cal pdf.php file. This is achieved by using directory traversal sequences in the thefile parameter.

Recommendations For Mini Web Calendar (mwcal) version 1.2, avoid using the thefile parameter in the php/cal pdf.php file until a fix is available. As a temporary workaround, consider restricting access to the php/cal pdf.php file to minimize the risk of exploitation.