CVE-2009-0325

2009-01-2918:09:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.021

Percentile

89.0%

JSON

Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a … (dot dot) in the cat parameter.

References

secunia.com/advisories/33573

www.push55.co.uk/index.php?s=ad&id=6

www.securityfocus.com/bid/33351

www.exploit-db.com/exploits/7831

www.push55.co.uk/poclibrary/ninjadesignscouk-1.txt