VID 21698
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description A version of Simple PHP Blog equal to or older than version 0.4.0 appears to be installed on the host. Simple PHP Blog is a freely available, open source Web blog written in PHP. Simple PHP Blog version 0.4.0 and earlier versions are affected by the following vulnerabilities:

1) Input passed to the "comment" parameter in the "comment_delete_cgi.php" script is not properly verified before it is used to delete comments. This can be exploited to delete arbitrary files. This can further be exploited to change the administrator's username and password by deleting the "config/password.txt" password file and accessing the "install03_cgi.php" installation script.
2) The second vulnerability is caused by the "upload_img_cgi.php" script failing to validate the extension of an uploaded image file. This can be exploited to upload files with arbitrary extensions (e.g. ".php") and execute arbitrary PHP code on the server.

* Note: This check relies solely on the version number of the Simple PHP Blog installation on the remote Web server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.xorcrew.net/xpa/XPA_SimplePHPBlog.txt
http://www.ftusecurity.com/pub/sphpblog_vulns
http://secunia.com/advisories/16598/
http://secunia.com/advisories/16616/
http://archives.neohapsis.com/archives/bugtraq/2005-08/0401.html

* Platforms Affected:
Alexander Palmo, Simple PHP Blog version 0.4.0 and earlier versions
Any operating system Any version
Recommendation No upgrade or patch available as of September 2005.

Upgrade to the latest version of Simple PHP Blog when a fixed version becomes available from the Simple PHP Blog Web site at http://www.bigevilbrain.com/sphpblog/static.php?page=static040502-230734
Related URL CVE-2005-2733,CVE-2005-2787 (CVE)
Related URL 14667,14681 (SecurityFocus)
Related URL 22012,22096 (ISS)