EDB-4785
webappsphpVERIFIED
TeamCalPro 3.1.000 - Multiple Local/Remote File Inclusions
CVE-2007-6554CVE-2007-6553
GoLd_M12/25/2007
CVE-2007-6553
NONEMultiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class
Veröffentlicht: 12/28/2007Aktualisiert: 4/9/2025
Beschreibung
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
KI-AnalyseKI-gestützt
Betroffene Produkte
george_leweteamcal_pro
Verfügbare Exploits (1)
Referenzen
- http://osvdb.org/39805
- http://osvdb.org/39806
- http://osvdb.org/39807
- http://osvdb.org/39808
- http://osvdb.org/39809
- http://osvdb.org/39810
- http://osvdb.org/39811
- http://osvdb.org/39812
- http://osvdb.org/39813
- http://osvdb.org/39814
- http://osvdb.org/39815
- http://osvdb.org/39816
- http://osvdb.org/39817
- http://osvdb.org/39818
- http://osvdb.org/39819
- http://osvdb.org/39820
- http://osvdb.org/39821
- http://osvdb.org/39822
- http://osvdb.org/39823
- http://osvdb.org/39824