CVE-2007-1343

2007-03-0800:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.148 Low

EPSS

Percentile

95.7%

JSON

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not
protect the noSet variable from external modification, which allows remote
attackers to set arbitrary global variables via a URL with modified values
in the noSet parameter, which leads to resultant vulnerabilities that
probably include remote file inclusion and other issues.

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchwebcalendar< 1.0.5-12UNKNOWN
ubuntu8.04noarchwebcalendar< 1.0.5-12UNKNOWN
ubuntu8.10noarchwebcalendar< 1.0.5-12UNKNOWN
ubuntu9.04noarchwebcalendar< 1.0.5-12UNKNOWN
ubuntu9.10noarchwebcalendar< 1.0.5-12UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	webcalendar	< 1.0.5-12	UNKNOWN
ubuntu	8.04	noarch	webcalendar	< 1.0.5-12	UNKNOWN
ubuntu	8.10	noarch	webcalendar	< 1.0.5-12	UNKNOWN
ubuntu	9.04	noarch	webcalendar	< 1.0.5-12	UNKNOWN
ubuntu	9.10	noarch	webcalendar	< 1.0.5-12	UNKNOWN