CVE-2003-0737

The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.

Published: Oct 20, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0737
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpwebsite / phpwebsite	-	0.9.0.x

http://marc.info/?l=bugtraq&m=106062021711496&w=2
http://marc.info/?l=bugtraq&m=106252188522715&w=2

Vulnerability Database

289,784

CVE-2003-0737