PT-2006-2782 · Quickblogger · Quickblogger

Published: 2006-04-14 · Updated: 2018-10-18 · CVE-2006-1791

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

QuickBlogger version 1.4

Description

A directory traversal issue in the acc.php file allows remote attackers to read or include arbitrary local files via the request parameter. This issue can also lead to resultant XSS when the associated include statement fails.

Recommendations

For QuickBlogger version 1.4, consider restricting access to the acc.php file and the request parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the request parameter in the affected API endpoint until the issue is resolved.
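
A server-side pattern that closes this class of bug, given as an added example that is not QuickBlogger's code: the request value is used only as a key into a fixed allowlist, the resolved path must stay inside the page directory, and nothing from the request is echoed on failure. The function name, page names and directory layout are assumptions, since the advisory does not show the source of acc.php.

```php
<?php
// Added example, not QuickBlogger source. Page names and the pages/
// directory are hypothetical; only the parameter name "request" comes
// from the advisory.

const PAGE_DIR = __DIR__ . '/pages';

// Fixed allowlist: request value => file name under PAGE_DIR.
const PAGES = [
    'home'    => 'home.php',
    'archive' => 'archive.php',
    'about'   => 'about.php',
];

/**
 * Map an untrusted request value to a file that is safe to include.
 * Returns the absolute path, or null if the value must be rejected.
 */
function resolve_page($request): ?string
{
    // Arrays (?request[]=x) and other non-strings are rejected outright.
    if (!is_string($request) || !array_key_exists($request, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$request]);
    // Defence in depth: the canonical path must stay under PAGE_DIR even
    // if an allowlisted file is later replaced by a symlink.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['request'] ?? 'home');
if ($path === null) {
    // Fixed message: the request value is never reflected, and PHP's own
    // include warning (which quotes the attempted path) never fires.
    http_response_code(404);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Page not found');
}
require $path;
```

Because the include is never attempted with attacker-supplied text, both the file read/include and the resultant XSS from a failed include are handled by the same check.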

Related Identifiers

CVE-2006-1791

Affected Products

Quickblogger