PT-2006-7074 · Wikyblog · Wikyblog

Published: 2006-12-11 · Updated: 2024-08-07 · CVE-2006-6465

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WikyBlog versions 1.3.2 and earlier

Description

A directory traversal issue in WBmap.php allows remote attackers to include and execute arbitrary local files by using directory traversal sequences in the l parameter. However, it is noted that the l parameter is validated by ctype_alpha before use.

Recommendations

For WikyBlog versions 1.3.2 and earlier, consider restricting access to the WBmap.php file until a fix is available. As a temporary workaround, validate and sanitize the l parameter to prevent directory traversal sequences.
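
One way to implement the workaround above, as an added example that is not WikyBlog's own code: the l value is checked with ctype_alpha and the resolved path is then confirmed to stay inside one directory. The function name resolve_l, the directory layout and the ".php" suffix are assumptions made for illustration.

```php
<?php
// Added example, not WikyBlog code. The directory layout, the ".php"
// suffix and resolve_l() are hypothetical.

/** Map an untrusted `l` value to a file inside $baseDir, or return null. */
function resolve_l(string $baseDir, $l): ?string
{
    // Reject arrays (?l[]=x), empty strings and over-long values.
    if (!is_string($l) || $l === '' || strlen($l) > 16) {
        return null;
    }
    // ctype_alpha() accepts only letters, so '.', '/', '\', '%' and NUL
    // bytes (everything a traversal sequence is built from) fail here.
    if (!ctype_alpha($l)) {
        return null;
    }
    // Defence in depth: canonicalise the path and confirm it is still
    // inside the intended directory (this also covers symlinks).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $l . '.php');
    if ($base === false || $path === false) {
        return null; // directory or target file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one permitted file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'l_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'en.php', "<?php // sample\n");

// Constructed inputs: one valid value and several that must be rejected.
$samples = ['en', '../../etc/passwd', 'en/../en', "en\0", 'en1', ['en'], 'zz'];
foreach ($samples as $value) {
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    $state = resolve_l($dir, $value) === null ? 'rejected' : 'accepted';
    printf("%-22s => %s\n", $shown, $state);
}

unlink($dir . DIRECTORY_SEPARATOR . 'en.php');
rmdir($dir);
```

Only the value en is accepted; every other sample is rejected before any file is opened.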

Exploit

Fix

Related Identifiers

CVE-2006-6465

Affected Products

Wikyblog