CVE-2006-1114
Published 2006-03-09
Priority P4 · 30 · medium · 6.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 3.25% (86.7th percentile)
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gerrit_van_aaken | loudblog | — | — |
No detection rules found.
Exploit-DB
LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access
exploitdb·2006-03-07
---
source: https://www.securityfocus.com/bid/17023/info
Loudblog is prone to multiple input-validation vulnerabilities:
- An SQL-injection vulnerability.
- Two local file-include vulnerabilities.
- An information-disclosure vulnerability.
These issues allow remote attackers to execute arbitrary PHP script code in the context of the hosting webserver, gain administrative privileges in the web application, and gain access to potentially sensitive information.
The SQL-injection vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. Successful exploitation could allow an attacker to compromise the application, access or
Exploit-DB
LoudBlog 0.41 - 'index.php?template' Traversal Arbitrary File Access
exploitdb·2006-03-07
No writeups or analysis indexed.
- http://loudblog.de/forum/viewtopic.php?id=590
- http://secunia.com/advisories/19172
- http://www.securityfocus.com/archive/1/426973/100/0/threaded
- http://www.securityfocus.com/bid/17023
- http://www.vupen.com/english/advisories/2006/0878
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25103
Published: 2006-03-09