PT-2007-2915 · Dayfox · Dayfox Blog

Dj7Xpl · Published 2007-03-20 · Updated 2017-10-11 · CVE-2007-1525

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Dayfox Blog (dfblog) version 4
Description: A direct static code injection vulnerability allows remote attackers to execute arbitrary PHP code via the cat parameter in a request to "posts.php".
Recommendations: For Dayfox Blog (dfblog) version 4, avoid using the cat parameter of the "posts.php" endpoint until a fix is available. As a temporary workaround, consider restricting access to the "posts.php" endpoint to minimize the risk of exploitation.


Related Identifiers

CVE-2007-1525

Affected Products

Dayfox Blog