CVE-2006-4845
Properties
- Published:
- 17.09.2006
- Updated:
- 20.09.2006
- Patch available:
- Severity:
- Medium
- CVSS vector:
- (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
- Product:
- George Lewe: TeamCal Pro
Vulnerability description
PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.References:
http://milw0rm.com/exploits/2368: http://milw0rm.com/exploits/2368BID: http://www.securityfocus.com/bid/20030
BID: http://www.securityfocus.com/bid/20036
FRSIRT: http://www.frsirt.com/english/advisories/2006/3630
SECUNIA: http://secunia.com/advisories/21933
XF: http://xforce.iss.net/xforce/xfdb/28956