CVE-2008-5949 in ccTiddlyinfo

Summary

Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

01/23/2009

Disclosure

01/23/2009

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-94

Exploit

Download

CVSS

7.3

EPSS

0.03164

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5949
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5949
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5949/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!