tellmatic tm_includepath Variable Remote File Inclusion

ID OSVDB:39690
Type osvdb
Reporter OSVDB
Modified 2007-12-01T00:00:00


Vulnerability Description

tellmatic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to '' not properly sanitizing user input supplied to the 'tm_includepath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Upgrade to version or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

tellmatic tm_includepath Variable Remote File Inclusion

Manual Testing Notes



Secunia Advisory ID:27895 Related OSVDB ID: 1019179 Related OSVDB ID: 39691 Related OSVDB ID: 39692 Related OSVDB ID: 39693 Mail List Post: ISS X-Force ID: 38801 Generic Exploit URL: CVE-2007-6231 Bugtraq ID: 26678