Vulnerabilities > CVE-2007-2304 - Scripts Multiple Input Validation vulnerability in QDBlog

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
qdblog
exploit available
NVD
Published: 2007-04-26
Updated: 2017-10-11

Summary

Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.

Vulnerable Configurations

Part Description Count
Application
Qdblog
1

Exploit-Db

descriptionQDBlog 0.4 (SQL Injection/LFI) Multiple Remote Vulnerabilities. CVE-2007-2304,CVE-2007-2305. Webapps exploit for php platform
fileexploits/php/webapps/3729.txt
idEDB-ID:3729
last seen2016-01-31
modified2007-04-13
platformphp
port
published2007-04-13
reporterOmni
sourcehttps://www.exploit-db.com/download/3729/
titleqdblog 0.4 SQL Injection/lfi Multiple Vulnerabilities
typewebapps

References