Alexander Palmo » Simple Php Blog : Security Vulnerabilities, CVEs, (Directory traversal)
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
Max CVSS
6.5
EPSS Score
0.43%
Published
2009-12-24
Updated
2018-10-10
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
Max CVSS
7.5
EPSS Score
2.48%
Published
2006-03-15
Updated
2017-10-19
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.
Max CVSS
5.0
EPSS Score
0.63%
Published
2005-05-02
Updated
2017-07-11
3 vulnerabilities found