Security Advisory

CVE-2009-4421

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-12-24 17:00:00
Last updated 2024-08-07 07:01:20
Assigner mitre
State PUBLISHED

Description

Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.