Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.
References
Configurations
History
No history.
Information
Published : 2006-09-19 21:07
Updated : 2024-02-04 17:13
NVD link : CVE-2006-4878
Mitre link : CVE-2006-4878
CVE.ORG link : CVE-2006-4878
JSON object : View
Products Affected
david_bennett
- php-post
CWE