NVD

Id
53529  
Name
CVE-2007-1343  
Description
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-03-08  
Modified Date
2011-03-07  
Seq
2007-1343  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
271091 53529 CVE-2007-1343 [webcalendar-announce] 20070304 Announce: Release 1.0.5 (security patch)  View
271092 53529 CVE-2007-1343 http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130  View
271093 53529 CVE-2007-1343 http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8  View
271094 53529 CVE-2007-1343 http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log  View
271095 53529 CVE-2007-1343 DSA-1267  View
271096 53529 CVE-2007-1343 22834  View
271097 53529 CVE-2007-1343 ADV-2007-0851  View
271098 53529 CVE-2007-1343 webcalendar-noset-variable-overwrite(32832)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
56528 JVNDB-2007-005220 Craig Knudsen WebCalendar の includes/functions.php における任意のグローバル変数を設定される脆弱性 Craig Knudsen WebCalendar の includes/functions.php は、外部変更から noSet 変数を保護しないため、任意のグローバル変数を設定される脆弱性が存在します。 CVE-2007-1343 24698 CVE-2007-1343 53529 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005220.html 2007-03-08 2012-12-20 View