CVE-2007-6553 Information
Description
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
Reference
http://osvdb.org/39805
http://osvdb.org/39806
http://osvdb.org/39807
http://osvdb.org/39808
http://osvdb.org/39809
http://osvdb.org/39810
http://osvdb.org/39811
http://osvdb.org/39812
http://osvdb.org/39813
http://osvdb.org/39814
http://osvdb.org/39815
http://osvdb.org/39816
http://osvdb.org/39817
http://osvdb.org/39818
http://osvdb.org/39819
http://osvdb.org/39820
http://osvdb.org/39821
http://osvdb.org/39822
http://osvdb.org/39823
http://osvdb.org/39824
http://osvdb.org/39825
http://osvdb.org/39826
http://www.securityfocus.com/bid/27022
https://exchange.xforce.ibmcloud.com/vulnerabilities/39212
https://www.exploit-db.com/exploits/4785