CVE-2006-0371

Name of the Vulnerable Software and Affected Versions RCBlog version 1.03

Description A directory traversal issue exists, allowing remote attackers to read arbitrary .txt files by using a .. (dot dot) in the post parameter of the index.php file. This could potentially include accessing a file that stores the administrator's account name and password.

Recommendations For RCBlog version 1.03, consider restricting access to the index.php file until a fix is available, or apply configuration changes to prevent directory traversal attacks, such as validating and sanitizing user input for the post parameter.