CVE-2007-6553

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
Configurations

Configuration 1 (hide)

cpe:2.3:a:george_lewe:teamcal_pro:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:40

Type Values Removed Values Added
References () http://osvdb.org/39805 - () http://osvdb.org/39805 -
References () http://osvdb.org/39806 - () http://osvdb.org/39806 -
References () http://osvdb.org/39807 - () http://osvdb.org/39807 -
References () http://osvdb.org/39808 - () http://osvdb.org/39808 -
References () http://osvdb.org/39809 - () http://osvdb.org/39809 -
References () http://osvdb.org/39810 - () http://osvdb.org/39810 -
References () http://osvdb.org/39811 - () http://osvdb.org/39811 -
References () http://osvdb.org/39812 - () http://osvdb.org/39812 -
References () http://osvdb.org/39813 - () http://osvdb.org/39813 -
References () http://osvdb.org/39814 - () http://osvdb.org/39814 -
References () http://osvdb.org/39815 - () http://osvdb.org/39815 -
References () http://osvdb.org/39816 - () http://osvdb.org/39816 -
References () http://osvdb.org/39817 - () http://osvdb.org/39817 -
References () http://osvdb.org/39818 - () http://osvdb.org/39818 -
References () http://osvdb.org/39819 - () http://osvdb.org/39819 -
References () http://osvdb.org/39820 - () http://osvdb.org/39820 -
References () http://osvdb.org/39821 - () http://osvdb.org/39821 -
References () http://osvdb.org/39822 - () http://osvdb.org/39822 -
References () http://osvdb.org/39823 - () http://osvdb.org/39823 -
References () http://osvdb.org/39824 - () http://osvdb.org/39824 -
References () http://osvdb.org/39825 - () http://osvdb.org/39825 -
References () http://osvdb.org/39826 - () http://osvdb.org/39826 -
References () http://www.securityfocus.com/bid/27022 - Exploit () http://www.securityfocus.com/bid/27022 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39212 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39212 -
References () https://www.exploit-db.com/exploits/4785 - () https://www.exploit-db.com/exploits/4785 -

Information

Published : 2007-12-28 00:46

Updated : 2024-11-21 00:40


NVD link : CVE-2007-6553

Mitre link : CVE-2007-6553

CVE.ORG link : CVE-2007-6553


JSON object : View

Products Affected

george_lewe

  • teamcal_pro
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')