CVE-2006-1537

Name of the Vulnerable Software and Affected Versions: Craig Knudsen WebCalendar version 1.1.0-CVS

Description: The issue allows remote attackers to obtain sensitive information via direct requests to various PHP files, which reveal the path in error messages. The affected files include includes/index.php, tests/add duration test.php, tests/all tests.php, groups.php, nonusers.php, includes/settings.php, includes/init.php, includes/settings.php.orig, includes/js/admin.php, includes/js/edit entry.php, includes/js/edit layer.php, includes/js/export import.php, includes/js/popups.php, includes/js/pref.php, and includes/menu/index.php.

Recommendations: For Craig Knudsen WebCalendar version 1.1.0-CVS, consider restricting access to the mentioned PHP files to minimize the risk of exploitation. As a temporary workaround, disable the execution of these files until a patch is available.