PT-2006-3689 · Pppblog · Pppblog

Rgod · Published 2006-06-02 · Updated 2018-10-18 · CVE-2006-2770

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

pppBLOG versions 0.3.8 and earlier

Description

A directory traversal vulnerability in randompic.php allows remote attackers to read arbitrary files when register_globals is enabled. The attack uses a .. (dot dot) sequence in an index of the file array parameter.

Recommendations

For pppBLOG versions 0.3.8 and earlier, consider disabling the register_globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the randompic.php file until a patch is available. Avoid using the file array parameter in the affected file until the issue is resolved.


Related Identifiers

CVE-2006-2770

Affected Products

Pppblog