phpScheduleIt Flaw in 'Reservation.class.php' Lets Remote Users Modify or Delete Reservations
|
|
SecurityTracker Alert ID: 1012246 |
|
SecurityTracker URL: http://securitytracker.com/id/1012246
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 17 2004
|
Impact:
Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.0.1
|
Description:
A vulnerability was reported in phpScheduleIt. A user can modify or delete a reservation.
The flaw resides in Reservation.class.php. No further details were provided.
|
Impact:
A user can modify or delete a reservation.
|
Solution:
The vendor has issued a fixed version (1.0.1), available at:
http://sourceforge.net/project/showfiles.php?group_id=95547
The vendor has also issued a patch, available at:
http://sourceforge.net/tracker/download.php?group_id=95547&atid=611778&file_id=106007&aid=1051841
|
Vendor URL: phpscheduleit.sourceforge.net/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 17 Nov 2004 00:05:17 -0500
Subject: http://sourceforge.net/tracker/index.php?func=detail&aid=1051841&group_id=95547&atid=611778
|
> Reservation Modification Security Vulnerability
> There is a bug in all versions of phpScheduleIt that
> allows a knowledgeable user to modify or delete a
> reservation.
|
|
