CVE-2007-1577

Name of the Vulnerable Software and Affected Versions GeBlog version 0.1

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by injecting a .. (dot dot) in the GLOBALS[tplname] parameter. Attackers can inject PHP sequences into an Apache HTTP Server log file, which is then included by index.php, potentially leading to code execution.

Recommendations For GeBlog version 0.1, as a temporary workaround, consider restricting access to the index.php file or disabling the use of the GLOBALS[tplname] parameter until a patch is available. Avoid using the GLOBALS[tplname] parameter in the affected index.php file until the issue is resolved.