Vendor: QuickTicket
By: katatafish (karatatata@hush.com)
CVSS: 7.5 (HIGH)
CWE: Local File Inclusion
Product Name: QuickTicket
Affected Version From: QuickTicket v1.2
Affected Version To: QuickTicket v1.2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
QuickTicket v1.2 Local File Inclusion
The QuickTicket v1.2 application is vulnerable to Local File Inclusion. This allows an attacker to include arbitrary files from the local file system, which can lead to remote code execution or unauthorized access to sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and avoid using user-supplied data in file inclusion functions. Additionally, the application should validate file paths and restrict access to sensitive files.