CVE-2004-1426

Name of the Vulnerable Software and Affected Versions: KorWeblog versions 1.6.2-cvs and earlier

Description: The issue allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter. This is a directory traversal vulnerability in the index.php file.

Recommendations: For KorWeblog versions 1.6.2-cvs and earlier, as a temporary workaround, consider restricting access to the lng parameter in the index.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.