includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Webcalendar | Webcalendar | 1.0.4 | 1.0.4 |
Webcalendar | Webcalendar | 1.0.2 | 1.0.2 |
Webcalendar | Webcalendar | 1.0.1 | 1.0.1 |
Webcalendar | Webcalendar | 1.0.3 | 1.0.3 |
Webcalendar | Webcalendar | 1.0.0 | 1.0.0 |