CVE-2006-4845
TeamCal Pro < 2.8.001 - Remote File Inclusion via tc_config[app_root] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-4845. PoCs published by PSYCH@.
AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in TeamCal Pro 2.8.001 by manipulating the 'tc_config[app_root]' parameter to include arbitrary files. The PoC shows how an attacker can include a remote shell by appending a malicious URL parameter.
Description
PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.
Exploits (1)
This exploit demonstrates a remote file inclusion vulnerability in TeamCal Pro 2.8.001 by manipulating the 'tc_config[app_root]' parameter to include arbitrary files. The PoC shows how an attacker can include a remote shell by appending a malicious URL parameter.