exploitDog

CVE-2006-1243

Опубликовано: 15 мар. 2006

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*

Версия до 0.4.7.1 (включая)

cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.5:*:*:*:*:*:*:*

cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.6:*:*:*:*:*:*:*

cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.7:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16306

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5r6g-rqr9-3wrq

github

почти 4 года назад

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

EPSS

Процентиль: 95%

0.16306

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other