Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Simple PHP Blog < install05.php Local File Inclusion



The remote host is vulnerable to a local 'file inclusion' flaw.


The remote host is running the Simple PHP Blog, web log (or blog) package. This version of Simple PHP Blog is vulnerable to a flaw where remote users can manipulate the application to include any local file within an executed query. For example, the attacker could request that the /etc/passwd file be used in a PHP query that would then return confidential data back to the attacker. An attacker exploiting this flaw would gain access to confidential data.


Upgrade to version or higher.