CVE-2003-1459

Published: 31/12/2003 Updated: 29/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote malicious users to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ttcms ttcms 2.2
ttcms ttforum 1.1

source: wwwsecurityfocuscom/bid/7542/info A remote file include vulnerability has been reported for both ttForum and ttCMS Due to insufficient sanitization of some user-supplied variables by the 'Newsphp' and 'Installphp' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL Successful exploitation wi ...

source: wwwsecurityfocuscom/bid/7542/info A remote file include vulnerability has been reported for both ttForum and ttCMS Due to insufficient sanitization of some user-supplied variables by the 'Newsphp' and 'Installphp' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL Successful exploitation ...

CWE-94 http://www.securityfocus.com/archive/1/321000 http://www.securityfocus.com/bid/7542 http://securityreason.com/securityalert/3278 https://exchange.xforce.ibmcloud.com/vulnerabilities/12271 https://nvd.nist.gov https://www.exploit-db.com/exploits/22577/

CVE-2003-1459

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect