Min-Sung Choi

Name of the Vulnerable Software and Affected Versions: KorWeblog versions 1.6.2-cvs and earlier Description: The issue allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the `lng` parameter. This is a directory traversal vulnerability in the index.php file. Recommendations: For KorWeblog versions 1.6.2-cvs and earlier, as a temporary workaround, consider restricting access to the `lng` parameter in the index.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: KorWeblog versions 1.6.2-cvs and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by modifying the `G PATH` parameter to reference a URL on a remote web server that contains the code. This can be demonstrated in `index.php` when using .. (dot dot) sequences in the `lng` parameter to cause `main.inc` to be loaded. Recommendations: For KorWeblog versions 1.6.2-cvs and earlier, as a temporary workaround, consider restricting access to the `main.inc` file and avoid using the `G PATH` parameter to reference remote URLs until a patch is available. Additionally, restrict the use of the `lng` parameter in the `index.php` endpoint to minimize the risk of exploitation.