Remote file inclusion

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tcconfigrootdir parameter to 1 upgrade.php, 2 paintsave.php, 3 menu.php, 4 manage.php, and 5 banned.php. NOTE: his issue has been disputed by reliable third parties, who...

CVE-2007-0863

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tcconfigrootdir parameter to 1 upgrade.php, 2 paintsave.php, 3 menu.php, 4 manage.php, and 5 banned.php. NOTE: his issue has been disputed by reliable third parties, who...

CVE-2007-0863

Trevorchan 0.7 and earlier is affected by a PHP remote file inclusion vulnerability. The issue allows an attacker to execute arbitrary code by manipulating tc_config[rootdir] via multiple API endpoints (upgrade.php, paint_save.php, menu.php, manage.php, banned.php). The core cause is user-control...

PT-2007-2305 · Unknown · Trevorchan

Name of the Vulnerable Software and Affected Versions: Trevorchan versions 0.7 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary code via the tc configrootdir parameter to several API endpoints, including "upgrade.php", "paint save.php", "menu.php...

trevorchan07-rfi.txt

------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:Trevorchan v0.7 Download: http://rel.trevorchan.org/Releasev07.zip Contact: ilker Kandemir Code: requireonce$tcconfig'rootdir'."/inc/functions.php";...