CVE-2003-1459
ttCMS 2.2 and ttForum - Remote Code Execution via Template or InstallDir Parameter
Exploitation Summary
EIP tracks 2 public exploits for CVE-2003-1459. PoCs published by Charles Reinold.
AI-analyzed exploit summary: The exploit describes a remote file inclusion vulnerability in ttForum and ttCMS due to insufficient sanitization of user-supplied variables in 'News.php' and 'Install.php'. The provided URL demonstrates how an attacker could include a malicious PHP file from a remote server.
Description
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
Exploits (2)
The exploit describes a remote file inclusion vulnerability in ttForum and ttCMS due to insufficient sanitization of user-supplied variables in 'News.php' and 'Install.php'. The provided URL demonstrates how an attacker could include a malicious PHP file from a remote server.
The exploit describes a remote file inclusion vulnerability in ttForum and ttCMS due to insufficient sanitization of user-supplied variables in 'News.php' and 'Install.php'. An attacker can include a malicious PHP file via a crafted URL, leading to remote code execution with web server privileges.