Metric | Value |
---|---|
AI Score | 8 High |
Confidence | Low |
CVSS2 | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.033 Low |
Percentile | 91.2% |

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
CPE | Name | Operator | Version |
---|---|---|---|
george_lewe:teamcal_pro | george lewe teamcal pro | le | 3.1.000 |
osvdb.org/39805
osvdb.org/39806
osvdb.org/39807
osvdb.org/39808
osvdb.org/39809
osvdb.org/39810
osvdb.org/39811
osvdb.org/39812
osvdb.org/39813
osvdb.org/39814
osvdb.org/39815
osvdb.org/39816
osvdb.org/39817
osvdb.org/39818
osvdb.org/39819
osvdb.org/39820
osvdb.org/39821
osvdb.org/39822
osvdb.org/39823
osvdb.org/39824
osvdb.org/39825
osvdb.org/39826
www.securityfocus.com/bid/27022
exchange.xforce.ibmcloud.com/vulnerabilities/39212
www.exploit-db.com/exploits/4785