TeamCal Pro存在多个PHP远程文件包含漏洞,远程攻击者可以借助以下文件中CONF[app_root]参数的一个URL行任意PHP代码:(1)tcuser.class.php, (2)absencecount.inc.php, (3)avatar.inc.php, (4)csvhandler.class.php, (5)functions.tcpro.php, (6)header.html.inc.php, (7)joomlajack.tcpro.php, (8)menu.inc.php, (9)other.inc.php,(10) tcabsence.class.php, (11)tcabsencegroup.class.php, (12)tcallowance.class.php, (13)tcannouncement.class.php, (14)tcconfig.class.php, (15)tcdaynote.class.php, (16) tcgroup.class.php, (17)tcholiday.class.php, (18)tclogin.class.php, (19)tcmonth.class.php, (20)tctemplate.class.php, (21)tcusergroup.class.php, 或者(22)includes/中的tcuseroption.class.php。
TeamCal Pro存在多个PHP远程文件包含漏洞,远程攻击者可以借助以下文件中CONF[app_root]参数的一个URL行任意PHP代码:(1)tcuser.class.php, (2)absencecount.inc.php, (3)avatar.inc.php, (4)csvhandler.class.php, (5)functions.tcpro.php, (6)header.html.inc.php, (7)joomlajack.tcpro.php, (8)menu.inc.php, (9)other.inc.php,(10) tcabsence.class.php, (11)tcabsencegroup.class.php, (12)tcallowance.class.php, (13)tcannouncement.class.php, (14)tcconfig.class.php, (15)tcdaynote.class.php, (16) tcgroup.class.php, (17)tcholiday.class.php, (18)tclogin.class.php, (19)tcmonth.class.php, (20)tctemplate.class.php, (21)tcusergroup.class.php, 或者(22)includes/中的tcuseroption.class.php。