CVE-2007-3547

Name of the Vulnerable Software and Affected Versions QuickTicket version 1.2

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by utilizing a .. (dot dot) in the lang parameter of the qti checkname.php file.

Recommendations For QuickTicket version 1.2, consider restricting access to the qti checkname.php file or avoiding the use of the lang parameter until a fix is available. As a temporary workaround, restrict the ability to include local files to minimize the risk of exploitation.