7.5
CVE-2007-1343
- EPSS 2.14%
- Published 08.03.2007 22:19:00
- Last modified 16.06.2026 22:37:23
- Source cve@mitre.org
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
Data provided by the National Vulnerability Database (NVD)
Webcalendar ≫ Webcalendar Version 1.0.0
Webcalendar ≫ Webcalendar Version 1.0.1
Webcalendar ≫ Webcalendar Version 1.0.2
Webcalendar ≫ Webcalendar Version 1.0.3
Webcalendar ≫ Webcalendar Version 1.0.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.14% | 0.797 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
http://secunia.com/advisories/24403
http://secunia.com/advisories/24519
http://sourceforge.net/mailarchive/forum.php?thread_id=31840112&forum_id=46247
http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130
http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8
http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log
http://www.debian.org/security/2007/dsa-1267
http://www.securityfocus.com/bid/22834
http://www.vupen.com/english/advisories/2007/0851
https://exchange.xforce.ibmcloud.com/vulnerabilities/32832