PT-2007-4474 · Mybloggie · Mybloggie
Published: 2007-06-12 · Updated: 2025-01-17
CVE-2007-3194
9.8 Critical
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
myBloggie version 2.1.5
Description:
The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the `bloggie_root_path` parameter to several PHP files, including `config.php`, `db.php`, `template.php`, `functions.php`, `classes.php`, `viewmode.php`, and `blog_body.php`. However, another researcher disputes this vulnerability, noting that the files are protected against direct requests, contain no relevant include statements, or do not exist.
Recommendations:
For myBloggie version 2.1.5, consider restricting access to the `bloggie_root_path` parameter to minimize the risk of exploitation. Additionally, review the include statements and protections in place for the mentioned PHP files to ensure they are secure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.