Описание
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.3.8 (включая)
cpe:2.3:a:pppblog:pppblog:*:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.22068
Средний
5.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
EPSS
Процентиль: 96%
0.22068
Средний
5.4 Medium
CVSS2
Дефекты
NVD-CWE-Other