PHP Remote File Inclusion Vulnerabilities in TeamCal Pro by TeamCal
CVE-2007-6553

Currently unrated

Key Information:

Vendor: George Lewe
Status: Teamcal Pro
Vendor: CVE Published:; 28 December 2007

Summary

Multiple PHP remote file inclusion vulnerabilities exist in TeamCal Pro versions 3.1.000 and earlier. These flaws allow remote attackers to execute arbitrary PHP code by manipulating the CONF[app_root] parameter, affecting critical files within the application. Exploiting these vulnerabilities could lead to unauthorized access and control over the affected systems, posing significant security risks to users.

References

http://osvdb.org/39813

vdb-entryx_refsource_OSVDB

http://osvdb.org/39821

vdb-entryx_refsource_OSVDB

http://osvdb.org/39809

vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 28, 2007
Vulnerability Reserved
Dec 27, 2007