CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1343

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/24403
http://secunia.com/advisories/24519
http://sourceforge.net/mailarchive/forum.php?thread_id=31840112&forum_id=46247
http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130
http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8
http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log
http://www.debian.org/security/2007/dsa-1267
http://www.securityfocus.com/bid/22834
http://www.vupen.com/english/advisories/2007/0851
https://exchange.xforce.ibmcloud.com/vulnerabilities/32832
http://secunia.com/advisories/24403
http://secunia.com/advisories/24519
http://sourceforge.net/mailarchive/forum.php?thread_id=31840112&forum_id=46247
http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130
http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8
http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log
http://www.debian.org/security/2007/dsa-1267
http://www.securityfocus.com/bid/22834
http://www.vupen.com/english/advisories/2007/0851
https://exchange.xforce.ibmcloud.com/vulnerabilities/32832

Products affected by CVE-2007-1343

Webcalendar » Webcalendar » Version: 1.0.0

cpe:2.3:a:webcalendar:webcalendar:1.0.0
Webcalendar » Webcalendar » Version: 1.0.1

cpe:2.3:a:webcalendar:webcalendar:1.0.1
Webcalendar » Webcalendar » Version: 1.0.2

cpe:2.3:a:webcalendar:webcalendar:1.0.2
Webcalendar » Webcalendar » Version: 1.0.3

cpe:2.3:a:webcalendar:webcalendar:1.0.3
Webcalendar » Webcalendar » Version: 1.0.4

cpe:2.3:a:webcalendar:webcalendar:1.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1343

Products

Pricing

Contact Us