RCBlog Post Parameter Directory Traversal Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to directory traversal attacks. Description : The remote host is running RCBlog, a blog written in PHP. The remote version of this software fails to sanitize user-supplied input to the 'post' parameter of the 'index.php' script. An attacker can use this to access arbitrary files on the remote host provided PHP's 'magic_quotes' setting is disabled or, regardless of that setting, files with a '.txt' extension such as those used by the application to store administrative credentials.

Solution

Remove the application as its author no longer supports it.

References

http://www.securityfocus.com/archive/1/422499

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-0370, CVE-2006-0371

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Struts Cross Site Scripting Vulnerability

RCBlog post Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities