Users of TCMS please be advised of a Local File Inclusion vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
HTB22573: [HTB22573] Local File Inclusion in TCMS
Product: TCMS
Vulnerability Type: Local File Inclusion
Vulnerability Details:
Null-byte (%00) injection and catalog bypass (../) attacks are possible and can lead to arbitrary local file inclusion and execution. An attacker needs to have a possibility to modify or create local files to exploit this vulnerability, or have a malicious file already existing in the system.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/aY47Fa
No comments:
Post a Comment