TotalCalendar cms_detect.php模块本地文件包含漏洞

BUGTRAQ ID: 34634 CVECAN ID: CVE-2009-1406 TotalCalendar是一种基于Web的日程管理系统。 TotalCalendar的cmsdetect.php模块没有正确地验证对include参数所传送的输入便用于包含文件，远程攻击者可以通过目录遍历攻击包含本地资源的任意文件。以下是cmsdetect.php中的有漏洞代码段： ------------------------------------------------------------------------------- Line 26 : $include =...

CVE-2009-1406

TotalCalendar 2.4 is affected by a directory traversal in cms_detect.php: the include parameter is not properly validated, enabling remote attackers to include and execute local files. Exploitation example shown: include=../../../../../../BOOTSECT.BAK. Root cause is unsanitized input used in requ...

TotalCalendar 2.4 - Include Local File Inclusion

TotalCalendar 2.4 - Include Local File Inclusion + TotalCalendar 2.4 include Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Local File Inclusion Vulnerable code in cmsdetect.php: -------------------------------------------------------------------------------...

TotalCalendar 2.4 - 'Include' Local File Inclusion

TotalCalendar 2.4 include Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Local File Inclusion Vulnerable code in cmsdetect.php: ------------------------------------------------------------------------------- Line 26 : $include = isset$REQUEST'include' ?...

TotalCalendar 2.4 (include) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================== TotalCalendar 2.4 include Local File Inclusion Vulnerability ============================================================== + TotalCalendar 2.4 include Local File Inclusion +...