2 matches found
CVE-2006-1243
CVE-2006-1243 affects Simple PHP Blog (SPB) up to version 0.4.7.1, via install05.php. The vulnerability is a local file inclusion triggered by improper handling of the blog_language parameter, allowing directory traversal and a NUL character to force inclusion of arbitrary local files (demonstrat...
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
The version of Simple PHP Blog installed on the remote host fails to sanitize input to the 'bloglanguage' parameter of the 'install05.php' script before using it in a PHP 'requireonce' function. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute...