Danny Moules

#51208 of 53,633
4.3 Total CVSS
Vulnerabilities · 1
PT-2009-2988
4.3
2009-01-29
Ninja · Ninja Blog · CVE-2009-0325
**Name of the Vulnerable Software and Affected Versions**

Ninja Blog version 4.8

**Description**

The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the `entries/index.php` file when `magic_quotes_gpc` is disabled. This is achieved by using a `..` (dot dot) in the `cat` parameter.

**Recommendations**

For Ninja Blog version 4.8, consider disabling the `cat` parameter in the `entries/index.php` file until a patch is available, or enable `magic_quotes_gpc` to prevent the directory traversal vulnerability.