CVE-2007-1343
CVE-2007-1343 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
Learn more about our Web App Pen Testing.