{"id": "EDB-ID:23613", "hash": "580f5bb4daebc3df8221bf13cb5ddb0f", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Leif M. Wright Web Blog 1.1 File Disclosure Vulnerability", "description": "Leif M. Wright Web Blog 1.1 File Disclosure Vulnerability. CVE-2004-2127. Webapps exploit for cgi platform", "published": "2004-01-20T00:00:00", "modified": "2004-01-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/23613/", "reporter": "Zone-h Security Team", "references": [], "cvelist": ["CVE-2004-2127"], "lastseen": "2016-02-02T21:23:51", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-02-02T21:23:51"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-2127"]}, {"type": "osvdb", "idList": ["OSVDB:3739"]}], "modified": "2016-02-02T21:23:51"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/23613/", "sourceData": "source: http://www.securityfocus.com/bid/9517/info\r\n\r\nWeb Blog is prone to a file disclosure vulnerability. Remote attackers may gain access to files on the system hosting the server that reside outside of the server root by submitting a malicious request that contains directory traversal sequences. This would permit the attacker to access files that are readable by the server and could disclose sensitive information. \r\n\r\nhttp://www.example.com/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd ", "osvdbidlist": ["3739"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:08:04", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable.", "modified": "2017-07-11T01:31:00", "id": "CVE-2004-2127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2127", "published": "2004-01-20T05:00:00", "title": "CVE-2004-2127", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nWeb Blog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a URL which utilizes directory traversal character to escape the server root, which will disclose arbitrary file information resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeb Blog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a URL which utilizes directory traversal character to escape the server root, which will disclose arbitrary file information resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://www.example.com/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd\n## References:\nVendor URL: http://leifwright.com/scripts/Blog.html\n[Secunia Advisory ID:10740](https://secuniaresearch.flexerasoftware.com/advisories/10740/)\nOther Advisory URL: http://www.zone-h.org/en/advisories/read/id=3822/\n[CVE-2004-2127](https://vulners.com/cve/CVE-2004-2127)\nBugtraq ID: 9517\n", "modified": "2004-01-28T10:24:32", "published": "2004-01-28T10:24:32", "href": "https://vulners.com/osvdb/OSVDB:3739", "id": "OSVDB:3739", "type": "osvdb", "title": "Leif Wright Web Blog Directory Traversal ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}