Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lnblog lnblog |
||
lnblog lnblog 0.8.1 |
||
lnblog lnblog 0.8.2 |
||
lnblog lnblog 0.8.0 |