Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2007-6553
Last Modified 15 Nov 2008 02:05:05
Published 27 Dec 2007 07:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6553

Summary

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.

Vulnerable Systems

Application

  • George Lewe Teamcal Pro 3.1.000


References

BID - 27022

MILW0RM - 4785

OSVDB - 39826

OSVDB - 39825

OSVDB - 39824

OSVDB - 39823

OSVDB - 39822

OSVDB - 39821

OSVDB - 39820

OSVDB - 39819

OSVDB - 39818

OSVDB - 39817

OSVDB - 39816

OSVDB - 39815

OSVDB - 39814

OSVDB - 39813

OSVDB - 39812

OSVDB - 39811

OSVDB - 39810

OSVDB - 39809

OSVDB - 39808

OSVDB - 39807

OSVDB - 39806

OSVDB - 39805

XF - teamcal-multiple-file-include(39212)


Last Updated: 27 May 2016 10:46:32