CVE-2006-1777

Name of the Vulnerable Software and Affected Versions Simplog versions 0.9.2 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter. This can be demonstrated by injecting PHP sequences into an Apache error log file, which is then included by doc/index.php.

Recommendations For Simplog versions 0.9.2 and earlier, consider restricting access to the s parameter in the doc/index.php file to minimize the risk of exploitation. As a temporary workaround, consider disabling the inclusion of local files by doc/index.php until a patch is available.