CVE-2007-6554

TeamCal Pro <3.1.000 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6554. PoCs published by GoLd_M.

AI-analyzed exploit summary The exploit demonstrates multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in TeamCal Pro <= 3.1.000. It provides specific URLs with crafted parameters to exploit these vulnerabilities, allowing an attacker to include arbitrary remote or local files.

Description

Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/4785

View Code ZIP pw:eip

The exploit demonstrates multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in TeamCal Pro <= 3.1.000. It provides specific URLs with crafted parameters to exploit these vulnerabilities, allowing an attacker to include arbitrary remote or local files.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: TeamCal Pro <= 3.1.000

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server for RFI

MITRE ATT&CK