CVE-2007-6554

Name of the Vulnerable Software and Affected Versions TeamCal Pro versions 3.1.000 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to API endpoints such as "index.php", "register.php", "login.php", or "statistics.php".

Recommendations For TeamCal Pro versions 3.1.000 and earlier, as a temporary workaround, consider restricting access to the lang parameter in the affected API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.