Lucene search

[email protected]CVE-2003-0320

HistoryJun 09, 2003 - 4:00 a.m.

CVE-2003-0320

2003-06-0904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0320

remote code injection

php

ttcms

security vulnerability

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.07 Low

EPSS

Percentile

93.9%

JSON

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to “1” and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.

CPENameOperatorVersion
andy_prevost:ttcmsandy prevost ttcmsle2.3

CPE	Name	Operator	Version
andy_prevost:ttcms	andy prevost ttcms	le	2.3

References

marc.info/?l=bugtraq&m=105320172212990&w=2

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.07 Low

EPSS

Percentile

93.9%

JSON