VID 21697
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description Simple PHP Blog is vulnerable to directory traversal in the comments.php script. Simple PHP Blog is a freely available, open source Web blog written in PHP. Simple PHP Blog version 0.3.7c and earlier versions could allow a remote attacker to view files residing outside of the Web root, because user-supplied input passed to the 'entry' parameter of the 'comments.php' script is improperly filtered. By sending a specially crafted URL containing "dot dot" sequences (/../), a remote attacker could read arbitrary files outside of the Web root directory with the privileges of the Web service.
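
Added example, not part of the original advisory or of the Simple PHP Blog code: one way to review Web server access logs for requests to comments.php whose 'entry' parameter contains "dot dot" segments. It goes slightly beyond the description by also normalising percent-encoded, double-encoded and backslash forms. The log lines, paths and entry values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2005:10:00:01 +0000] "GET /sphpblog/comments.php?entry=entry050110-100000 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [10/Jan/2005:10:02:17 +0000] "GET /sphpblog/comments.php?entry=../../config/example HTTP/1.1" 200 312',
    '192.0.2.66 - - [10/Jan/2005:10:02:19 +0000] "GET /sphpblog/comments.php?entry=%252e%252e%252fexample HTTP/1.1" 200 298',
    '192.0.2.66 - - [10/Jan/2005:10:02:21 +0000] "GET /sphpblog/comments.php?entry=..%5Cexample HTTP/1.1" 404 0',
    '192.0.2.11 - - [10/Jan/2005:10:05:00 +0000] "GET /sphpblog/index.php?entry=../x HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    segments = re.split(r'[/\\]', fully_decode(value))
    return '..' in segments

def suspicious_requests(lines):
    """Return log lines requesting comments.php with a traversal in 'entry'."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith('/comments.php'):
            continue  # this check covers only the script named in the advisory
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == 'entry' and has_traversal(value):
                hits.append(line)
                break
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status and an unusual response size is worth prioritising for follow-up, since it suggests the request returned content rather than an error page.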

* References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0210.html

* Platforms Affected:
Alexander Palmo, Simple PHP Blog version 0.3.7c and earlier versions
Any operating system Any version
Recommendation Upgrade to the latest version of Simple PHP Blog (0.3.7r2 or later), available from the Simple PHP Blog Web site at http://www.bigevilbrain.com/sphpblog/static.php?page=static040502-230734
Related URL CVE-2005-0214 (CVE)
Related URL 12193 (SecurityFocus)
Related URL 18802 (ISS)