ECHO_ADV_67$2007 ----------------------------------------------------------------------------------------- [ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni Date : March, 9th 2007 Location : Australia, Sydney Web : http://advisories.echo.or.id/adv/adv67-K-159-2007.txt Critical Lvl : Dangerous --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : WEBO (Web Organizer) version : 1.0 Vendor : http://sourceforge.net/projects/weborganizer/ Description : WEBO (Web Organizer) is an open-source Web application suite providing a groupware calendar, a personal address book, a shared contacts directory, and a personal desktop page. --------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~~~ - Invalid include function at modules/abook/foldertree.php : ---------------foldertree.php--------------------------------------