CVE-2007-1343

CVE-2007-1343 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.

Learn more about our Web App Pen Testing.