Vulnerabilities > CVE-2007-1577 - Local File Include vulnerability in Geblog 0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

geblog

exploit available

NVD

Published: 2007-03-21

Updated: 2017-10-11

Summary

Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Vulnerable Configurations

Part	Description	Count
Application	Geblog Geblog Geblog 0.1	1

Exploit-Db

description	GeBlog 0.1 GLOBALS[tplname] Local File Inclusion Exploit (win). CVE-2007-1577. Webapps exploit for php platform
file	exploits/php/webapps/3522.pl
id	EDB-ID:3522
last seen	2016-01-31
modified	2007-03-20
platform	php
port
published	2007-03-20
reporter	GoLd_M
source	https://www.exploit-db.com/download/3522/
title	GeBlog 0.1 - GLOBALStplname Local File Inclusion Exploit win
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References