Vulnerabilities > CVE-2003-0320 - Remote Security vulnerability in Ttcms

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

andy-prevost

exploit available

NVD

Published: 2003-06-09

Updated: 2016-10-18

Summary

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.

Vulnerable Configurations

Part	Description	Count
Application	Andy_Prevost Andy Prevost Ttcms *	1

Exploit-Db

description	ttCMS 2.2/2.3 Header.PHP Remote File Include Vulnerability. CVE-2003-0320. Webapps exploit for php platform
id	EDB-ID:22612
last seen	2016-02-02
modified	2003-05-17
published	2003-05-17
reporter	[email protected]
source	https://www.exploit-db.com/download/22612/
title	ttCMS 2.2/2.3 Header.PHP Remote File Include Vulnerability

References

http://marc.info/?l=bugtraq&m=105320172212990&w=2