PT-2007-4805 · Quickticket · Quickticket

Katatafish

Published

2007-07-03

Updated

2017-09-29

CVE-2007-3547

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions QuickTicket version 1.2

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by utilizing a .. (dot dot) in the lang parameter of the qti checkname.php file.

Recommendations For QuickTicket version 1.2, consider restricting access to the qti checkname.php file or avoiding the use of the lang parameter until a fix is available. As a temporary workaround, restrict the ability to include local files to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3547

Affected Products

Quickticket

PT-2007-4805 · Quickticket · Quickticket

CVE-2007-3547

Related Identifiers

Affected Products

References · 6