EDB-4785
webappsphpVERIFIED
TeamCalPro 3.1.000 - Multiple Local/Remote File Inclusions
CVE-2007-6554CVE-2007-6553
GoLd_M12/25/2007
CVE-2007-6553
NONEMultiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class
Опубликовано: 12/28/2007Обновлено: 4/9/2025
Описание
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
ИИ-АнализНа базе ИИ
Затронутые продукты
george_leweteamcal_pro
Доступные эксплойты (1)
Ссылки
- http://osvdb.org/39805
- http://osvdb.org/39806
- http://osvdb.org/39807
- http://osvdb.org/39808
- http://osvdb.org/39809
- http://osvdb.org/39810
- http://osvdb.org/39811
- http://osvdb.org/39812
- http://osvdb.org/39813
- http://osvdb.org/39814
- http://osvdb.org/39815
- http://osvdb.org/39816
- http://osvdb.org/39817
- http://osvdb.org/39818
- http://osvdb.org/39819
- http://osvdb.org/39820
- http://osvdb.org/39821
- http://osvdb.org/39822
- http://osvdb.org/39823
- http://osvdb.org/39824