CVE-2008-5776

Name of the Vulnerable Software and Affected Versions Aperto Blog version 0.1.1

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences. This can be achieved by manipulating the action parameter to admin.php and the get parameter to index.php. In certain environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Recommendations For Aperto Blog version 0.1.1, consider restricting access to the admin.php and index.php files to minimize the risk of exploitation. As a temporary workaround, avoid using the action and get parameters in these files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.