Webcalendar: >> Webcalendar >> 1.0.0 Security Vulnerabilities
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
CVSS Score
7.5
EPSS Score
0.016
Published
2007-03-08
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
CVSS Score
7.5
EPSS Score
0.015
Published
2005-08-29
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
CVSS Score
7.5
EPSS Score
0.007
Published
2005-07-19