Simple PHP Blog < 0.4.7.2 install05.php Local File Inclusion
Severity: High
Nessus Network Monitor Plugin ID 3476
Synopsis: The remote host is vulnerable to a local file inclusion flaw.
Description: The remote host is running Simple PHP Blog, a web log (blog) package. This version of Simple PHP Blog is vulnerable to a flaw where remote users can manipulate the application to include any local file within an executed query. For example, an attacker could request that the /etc/passwd file be used in a PHP query, which would then return confidential data to the attacker. An attacker exploiting this flaw would gain access to confidential data.
Solution: Upgrade to version 0.4.7.2 or higher.
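To check whether a host was probed before it was upgraded, the following added example (not part of the plugin or of Simple PHP Blog) scans web access logs for requests to install05.php whose query values decode to a file path. It assumes Combined Log Format; the sample lines are constructed and the parameter name `p` is hypothetical, since the advisory does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "install05.php"  # script named in the advisory
# Combined Log Format: client, request target and status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines; the parameter name "p" is hypothetical.
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2006:10:01:02 +0000] "GET /blog/install05.php?p=english HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2006:10:02:10 +0000] "GET /blog/install05.php?p=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [12/Mar/2006:10:02:11 +0000] "GET /blog/install05.php?p=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210',
    '203.0.113.9 - - [12/Mar/2006:10:02:12 +0000] "GET /blog/install05.php?p=/etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [12/Mar/2006:10:03:00 +0000] "GET /blog/index.php?p=../x HTTP/1.1" 200 900',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_value(value):
    """Return a reason string if a parameter value looks like a file path."""
    v = decode_fully(value).replace("\\", "/")
    if "\x00" in v:
        return "null byte"
    if re.search(r"(^|/)\.\.(/|$)", v):
        return "directory traversal"
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        return "absolute path"
    return None

def scan(lines):
    """Return findings as (client, status, parameter, reason) tuples."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not decode_fully(parts.path).lower().endswith("/" + SCRIPT):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            reason = suspicious_value(value)
            if reason:
                findings.append((client, int(status), name, reason))
    return findings
```

A finding with status 200 deserves the closest look, since the server answered the request rather than rejecting it; compare the response size against a normal page load.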