cbcvebase.
CVE-2006-2770
published 2006-06-02

CVE-2006-2770: Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary…

PriorityP430medium5.4CVSS 2.0
AVNACHAuNCCINAN
EXPLOIT
EPSS
3.48%
87.6th percentile
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].

Affected

1 ranges
VendorProductVersion rangeFixed in
pppblogpppblog<= 0.3.8
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.