CVE Vulnerabilities

CVE-2007-1343

Published: Mar 08, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.

Affected Software

Name Vendor Start Version End Version
Webcalendar Webcalendar 1.0.4 1.0.4
Webcalendar Webcalendar 1.0.2 1.0.2
Webcalendar Webcalendar 1.0.1 1.0.1
Webcalendar Webcalendar 1.0.3 1.0.3
Webcalendar Webcalendar 1.0.0 1.0.0

References