PT-2003-1832 · Pear+1 · Pear+1

Lorenzo Hernandez Garcia-Hierro

Published

2003-09-04

Updated

2016-10-18

CVE-2003-0737

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: phpWebSite versions 0.9.x and earlier

Description: The issue allows remote attackers to obtain the full pathname of phpWebSite by exploiting the calendar module with an invalid year. This generates an error from the localtime() function in TimeZone.php of the Pear library.

Recommendations: For phpWebSite versions 0.9.x and earlier, consider restricting access to the calendar module until a fix is available. As a temporary workaround, avoid using the calendar module with invalid years to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0737

Affected Products

Pear

Phpwebsite

PT-2003-1832 · Pear+1 · Pear+1

CVE-2003-0737

Related Identifiers

Affected Products

References · 3