Published: 06/04/2009 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
blogplus blogplus 1.0

--:local file include:-- --------------------------------- script:blog+ v10 ---------------------------------------------- download from:wwwzidducom/download/3151643/blogplus_v10_finalziphtml ---------------------------------------------- ...

CWE-22 http://www.securityfocus.com/bid/34261 https://exchange.xforce.ibmcloud.com/vulnerabilities/49446 https://www.exploit-db.com/exploits/8290 https://nvd.nist.gov https://www.exploit-db.com/exploits/8290/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1246

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect