Vulnerabilities > CVE-2007-3505 - Local File Include vulnerability in Qt-Cute Quicktalk Forum 1.3

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
qt-cute
exploit available
NVD
Published: 2007-07-02
Updated: 2017-10-19

Summary

Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php. Successful exploitation requires that "magic_quotes_gpc" is disabled.

Vulnerable Configurations

Part Description Count
Application
Qt-Cute
1

Exploit-Db

descriptionQuickTalk forum 1.3 (lang) Local File Inclusion Vulnerabilities. CVE-2007-3505. Webapps exploit for php platform
fileexploits/php/webapps/4115.txt
idEDB-ID:4115
last seen2016-01-31
modified2007-06-27
platformphp
port
published2007-06-27
reporterKatatafish
sourcehttps://www.exploit-db.com/download/4115/
titleQuickTalk forum 1.3 lang Local File Inclusion Vulnerabilities
typewebapps

References