CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ccc | Cccsoftware | 0.91 (including) | 0.91 (including) |
| Ccc | Cccsoftware | 0.92 (including) | 0.92 (including) |
| Ccc | Cccsoftware | 0.94 (including) | 0.94 (including) |
| Ccc | Cccsoftware | 0.95 (including) | 0.95 (including) |
| Ccc | Cccsoftware | 0.96 (including) | 0.96 (including) |
| Ccc | Cccsoftware | 0.97 (including) | 0.97 (including) |
| Ccc | Cccsoftware | 0.98 (including) | 0.98 (including) |
| Ccc | Cccsoftware | 0.99 (including) | 0.99 (including) |
| Ccc | Cccsoftware | 1.0 (including) | 1.0 (including) |
| Ccc | Cccsoftware | 1.02 (including) | 1.02 (including) |
| Ccc | Cccsoftware | 1.03 (including) | 1.03 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.securityfocus.com/bid/3389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7215
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.securityfocus.com/bid/3389
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7215