CVE-2006-1243
Last modified
CVE-2006-1243 is a vulnerability of currently unknown severity. Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.. EPSS estimates a 9.53% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Alexander Palmo | Simple Php Blog | <= 0.4.7.1 |
| Alexander Palmo | Simple Php Blog | 0.4.0 |
| Alexander Palmo | Simple Php Blog | 0.4.5 |
| Alexander Palmo | Simple Php Blog | 0.4.6 |
| Alexander Palmo | Simple Php Blog | 0.4.7 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-1243?
How severe is CVE-2006-1243?
How do I fix CVE-2006-1243?
Are you affected by CVE-2006-1243?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST