Vulnerabilities > CVE-2006-1777 - Unspecified vulnerability in Simplog
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Simplog <= 0.9.2 (s) Remote Commands Execution Exploit. CVE-2006-0146,CVE-2006-0147,CVE-2006-1776,CVE-2006-1777,CVE-2006-1778,CVE-2006-1779,CVE-2006-2029.... |
file | exploits/php/webapps/1663.php |
id | EDB-ID:1663 |
last seen | 2016-01-31 |
modified | 2006-04-11 |
platform | php |
port | |
published | 2006-04-11 |
reporter | rgod |
source | https://www.exploit-db.com/download/1663/ |
title | Simplog <= 0.9.2 s Remote Commands Execution Exploit |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | SIMPLOG_S_FILE_INCLUDE.NASL |
description | The remote host is running Simplog, an open source blogging tool written in PHP. The version of Simplog installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21224 |
published | 2006-04-14 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21224 |
title | Simplog <= 0.9.2 Multiple Vulnerabilities |
References
- http://retrogod.altervista.org/simplog_092_incl_xpl.html
- http://retrogod.altervista.org/simplog_092_incl_xpl.html
- http://secunia.com/advisories/19628
- http://secunia.com/advisories/19628
- http://securitytracker.com/id?1015904
- http://securitytracker.com/id?1015904
- http://www.osvdb.org/24559
- http://www.osvdb.org/24559
- http://www.securityfocus.com/archive/1/430743/100/0/threaded
- http://www.securityfocus.com/archive/1/430743/100/0/threaded
- http://www.securityfocus.com/bid/17490
- http://www.securityfocus.com/bid/17490
- http://www.vupen.com/english/advisories/2006/1332
- http://www.vupen.com/english/advisories/2006/1332
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25775
- https://www.exploit-db.com/exploits/1663
- https://www.exploit-db.com/exploits/1663