vendor:
CCS Open
by:
Dr Max Virus
9.3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: CCS Open
Affected Version From: 1.2.1015
Affected Version To: 1.2.1015
Patch Exists: YES
Related CWE: N/A
CPE: a:tucows:ccs_open:1.2.1015
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006
Tucows Open Project –Remote File Inclusion Vulnerability
Tucows Open Project is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to execute arbitrary code on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input to the '_ENV[TCA_HOME]' parameter in the 'domainutils.inc.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file from a remote server.
Mitigation:
The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.