Vulnerability Description
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mafia | Mafia Blog | 4_beta |
References
- http://chrisnowak.org/projects/mafia/
- http://marc.info/?l=bugtraq&m=111359511826958&w=2
- http://www.securityfocus.com/bid/13194
- http://chrisnowak.org/projects/mafia/
- http://marc.info/?l=bugtraq&m=111359511826958&w=2
- http://www.securityfocus.com/bid/13194
FAQ
What is CVE-2005-1169?
CVE-2005-1169 is a vulnerability with a CVSS score of 7.5 (HIGH). Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.
How severe is CVE-2005-1169?
CVE-2005-1169 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1169?
Check the references section above for vendor advisories and patch information. Affected products include: Mafia Mafia Blog.