ccTiddly 'cct_base' Parameter Multiple Remote File Include Vulnerabilities

ccTiddly is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. ccTiddly 1.7.6 is vulnerable; oth...

CVE-2008-5949

Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to 1 index.php; 2 handle/proxy.php; 3 header.php, 4 include.php, and 5 workspace.php in includes/; and 6 plugins/RSS/files/rss.php...

ccTiddly 1.7.4 - 'cct_base' Remote File Inclusion

/ $Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $ ccTiddly 1.7.4 cctbase Multiple Remote File Inclusion Vulnerabilities found by cOndemned download from : http://tiddlywiki.org/ccTiddly/ccTiddlyv1.7.4.zip Probably prior versions are vulnerable too... Greetz: ZaBeaTy, str0ke,...