CVE-2007-6582

Name of the Vulnerable Software and Affected Versions mBlog version 1.2

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is achieved by using a .. (dot dot) in the page parameter within a page mode action.

Recommendations For mBlog version 1.2, consider restricting access to the page parameter in the index.php file to prevent directory traversal attacks until a patch is available. As a temporary workaround, avoid using the page parameter with unvalidated input to minimize the risk of exploitation.