PT-2006-5873 · A-Blog 2 · A-Blog 2

V1Per-Hacker

Published

2006-10-02

Updated

2017-10-19

CVE-2006-5135

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions A-Blog 2 (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via specific parameters in various PHP files. The vulnerable parameters include open box, middle box, and close box in sources/myaccount.php, navigation end in navigation/search.php and navigation/donation.php, and navigation start and navigation middle in navigation/donation.php, navigation/latestnews.php, and navigation/links.php.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5135

Affected Products

A-Blog 2

PT-2006-5873 · A-Blog 2 · A-Blog 2

CVE-2006-5135

Related Identifiers

Affected Products

References · 4