| VID |
21856 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Loudblog program is vulnerable to multiple vulnerabilities which exist in versions prior to 0.42. Loudblog is a Content Management System (CMS) for publishing audio content on the web written in PHP. Loudblog version 0.41 and earlier versions are vulnerable to multiple vulnerabilities as follows:
1) Directory traversal vulnerability: Input passed to the "template" parameter in the "index.php" script isn't properly sanitized before being used to view files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.
2) SQL injection vulnerability: Input passed to the "id" parameter in the "podcast.php" script isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) Local file include vulnerabilities: These could allow a remote attacker to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the 'template' and 'page' parameters in the 'index.php' script, and the 'language' parameter in the 'inc/backend_settings.php' script.
* References:
http://loudblog.de/forum/viewtopic.php?id=592
http://www.securityfocus.com/archive/1/426973/30/0/threaded
http://secunia.com/advisories/19172/
* Platforms Affected:
Loudblog version 0.41 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Loudblog (0.42 or later), available from the Loudblog Download Web site at http://loudblog.de/index.php?s=download |
| Related URL |
CVE-2006-1113,CVE-2006-1114 (CVE) |
| Related URL |
17023 (SecurityFocus) |
| Related URL |
25101,25103,25104 (ISS) |
|
