includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-03-08 22:19
Updated : 2024-02-28 11:01
NVD link : CVE-2007-1343
Mitre link : CVE-2007-1343
CVE.ORG link : CVE-2007-1343
JSON object : View
Products Affected
webcalendar
- webcalendar
CWE