PT-2005-1738 · Php · Phpweblog

Published: 2005-03-07 · Updated: 2008-09-05 · CVE-2005-0698

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPWebLog versions 0.5.3 and earlier

Description

A remote file inclusion issue allows remote attackers to execute arbitrary PHP code by modifying specific parameters to reference a URL on a remote web server that contains the code. The issue can be exploited by altering the G_PATH parameter to init.inc.php or the PATH parameter to index.php.

Recommendations

For PHPWebLog versions 0.5.3 and earlier, consider restricting access to the init.inc.php and index.php files to minimize the risk of exploitation. Avoid using the G_PATH parameter to init.inc.php and the PATH parameter to index.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Related Identifiers

CVE-2005-0698

Affected Products

Phpweblog