evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Evcal_events_calendar | Donnafontenot | - (including) | - (including) |