Scriptslave

#15522 of 53,608
17.5 Total CVSS
Vulnerabilities · 2
High: 2

PT-2003-1526 · CVSS 7.5 · 2003-05-22
Ttcms · Ttcms · CVE-2003-0320

Name of the Vulnerable Software and Affected Versions: ttCMS versions 2.3 and earlier

Description: The issue allows remote attackers to inject arbitrary PHP code. This can be achieved by setting the `ttcms_user_admin` parameter to "1" and modifying the `admin_root` parameter to point to a URL that contains a Trojan horse `header.inc.php` script.

Recommendations: For ttCMS versions 2.3 and earlier, as a temporary workaround, consider restricting access to the `admin_root` parameter and validating the `ttcms_user_admin` parameter to prevent unauthorized access until a patch is available.

PT-2003-1535 · CVSS 10 · 2003-05-22
Tforum · Ttforum · CVE-2003-0331

Name of the Vulnerable Software and Affected Versions: ttForum (affected versions not specified)

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the `Ignorelist-Textfield` argument in the "Preferences" page.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.