CVE-2001-1050

Description

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Affected products

• cccsoftware / ccc0.91 – 0.91
• cccsoftware / ccc0.92 – 0.92
• cccsoftware / ccc0.94 – 0.94
• cccsoftware / ccc0.95 – 0.95
• cccsoftware / ccc0.96 – 0.96
• cccsoftware / ccc0.97 – 0.97
• cccsoftware / ccc0.98 – 0.98
• cccsoftware / ccc0.99 – 0.99
• cccsoftware / ccc1.0 – 1.0
• cccsoftware / ccc1.02 – 1.02
• cccsoftware / ccc1.03 – 1.03

References

• MISChttp://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
• MISChttp://www.securityfocus.com/bid/3389
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7215