CVE-2006-2770 - Directory Traversal vulnerability in PPPBlog

CVSS 5.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE
Tags: network, high complexity, pppblog, exploit available

Summary

Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0]. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part         Description  Count
Application  Pppblog      1

Exploit-Db

  • description: pppBlog <= 0.3.8 (randompic.php) System Disclosure Exploit. CVE-2006-2770. Webapps exploit for php platform
    id: EDB-ID:1853
    last seen: 2016-01-31
    modified: 2006-05-31
    published: 2006-05-31
    reporter: rgod
    source: https://www.exploit-db.com/download/1853/
    title: pppBlog <= 0.3.8 randompic.php System Disclosure Exploit
  • description: pppBlog <= 0.3.11 (randompic.php) File Disclosure Vulnerability. CVE-2006-2770. Webapps exploit for php platform
    id: EDB-ID:6972
    last seen: 2016-02-01
    modified: 2008-11-03
    published: 2008-11-03
    reporter: JosS
    source: https://www.exploit-db.com/download/6972/
    title: pppBlog <= 0.3.11 - randompic.php File Disclosure Vulnerability