TeamCal Pro 多个代码注入漏洞 CVE-2007-6553 CNNVD-200712-340

6.8 AV AC AU C I A
发布: 2007-12-28
修订: 2017-09-29

TeamCal Pro存在多个PHP远程文件包含漏洞,远程攻击者可以借助以下文件中CONF[app_root]参数的一个URL行任意PHP代码:(1)tcuser.class.php, (2)absencecount.inc.php, (3)avatar.inc.php, (4)csvhandler.class.php, (5)functions.tcpro.php, (6)header.html.inc.php, (7)joomlajack.tcpro.php, (8)menu.inc.php, (9)other.inc.php,(10) tcabsence.class.php, (11)tcabsencegroup.class.php, (12)tcallowance.class.php, (13)tcannouncement.class.php, (14)tcconfig.class.php, (15)tcdaynote.class.php, (16) tcgroup.class.php, (17)tcholiday.class.php, (18)tclogin.class.php, (19)tcmonth.class.php, (20)tctemplate.class.php, (21)tcusergroup.class.php, 或者(22)includes/中的tcuseroption.class.php。

0%
当前有1条漏洞利用/PoC
当前有1条受影响产品信息