
Simple PHP Blog < 0.4.7.2 install05.php Local File Inclusion

High

Synopsis

The remote host is vulnerable to a local file inclusion flaw.

Description

The remote host is running Simple PHP Blog, a web log (blog) package. This version of Simple PHP Blog is vulnerable to a flaw in which remote users can manipulate the application into including any local file within an executed query. For example, an attacker could request that the /etc/passwd file be used in a PHP query, which would then return confidential data to the attacker. An attacker exploiting this flaw would gain access to confidential data.

Solution

Upgrade to version 0.4.7.2 or higher.
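
To check whether the flaw described above has already been probed on a host, the web server access log can be searched for requests to install05.php that carry path-like parameter values. The following is an added example, not part of the original advisory or of Simple PHP Blog: the log lines are constructed, the parameter name `param` is a placeholder (the advisory does not name the affected parameter), and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script named in the advisory; matched on the URL path only.
TARGET_SCRIPT = "install05.php"
# Signs that a value is being used as a file path: traversal sequences,
# absolute POSIX or Windows paths, or an embedded NUL byte.
SUSPICIOUS = re.compile(r"(\.\.[/\\])|(^/)|(^[A-Za-z]:[/\\])|\x00")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so multiply-encoded values are normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for path-like values sent to the script."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/" + TARGET_SCRIPT):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = decode_fully(value)
        if SUSPICIOUS.search(value):
            hits.append((name, value))
    return hits

# Constructed sample lines; "param" is a placeholder parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /blog/install05.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /blog/install05.php?param=../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/install05.php?param=%252e%252e%252fconfig HTTP/1.1" 200 77',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /blog/index.php?entry=../x HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (line_number, hits) for every line with suspicious parameters."""
    return [(i, h) for i, l in enumerate(lines, 1) if (h := suspicious_params(l))]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

A hit shows that the script was probed, not that a file was disclosed; the response size and status on the same log line help decide which requests need follow-up.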