CVE-2008-0559

Name of the Vulnerable Software and Affected Versions Nilson's Blogger version 0.11

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal vulnerabilities. This can be achieved by using a .. (dot dot) in the permalink parameter in core.php, accessed through index.php, and the thispost parameter in comments.php.

Recommendations For Nilson's Blogger version 0.11, as a temporary workaround, consider restricting access to the core.php and comments.php files until a patch is available. Avoid using the permalink and thispost parameters in the affected API endpoints until the issue is resolved.