TxxCMS_Multiple File inclusion Vulnerabilies

2007.09.12

Credit: nnc

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-4819 | CVE-2007-4818

CWE: N/A

:::::::::::::::::::::::::::::::::::::::::::::::::::.....................
..
::| | (_) | | | / ____|
::| | |_ ___ ___ | | | __ _ _ __ ___ ___ | | _ __ _____ __
::| . ` | |/ __/ _ | . ` |/ _` | '_ ` _ / _ | | | '__/ _ / / /
::| | | | (_| __/ | | | (_| | | | | | | __/ | |____| | | __/ V V /
::|_| _|_|______| |_| _|__,_|_| |_| |_|___| _____|_| ___| _/_/
:::::::::::::::::::::::::::::We got the nicest name in the security scene!
::::::::Info::.
::Script: Txx CMS
::Homepage:https://sourceforge.net/projects/txx/
::
:::::::::Details::.
::Type: File_Inclusion
::
::in modules/addons/plugin.php
::and modules/addons/sidebar.php
::and modules/mail/index.php
::and modules/mail/mailbox.php
::
::$doc_root is not defined
::
::
:: we also found countless xss in there
:: but we wont list em because we got more important
:: stuff to do
::::::::::::::::::::::::::::::::.
:::::::::::Additional_Information::.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
::Contact: nne (at) chilloutzone (dot) eu [email concealed]
::Website: http://nnc.unkn0wn.eu or http://www.chilloutzone.eu
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TxxCMS_Multiple File inclusion Vulnerabilies

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.