Vulnerability Description
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apertoblog | Apertoblog | 0.1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/32850Exploit
- https://www.exploit-db.com/exploits/7482
- http://www.securityfocus.com/bid/32850Exploit
- https://www.exploit-db.com/exploits/7482
FAQ
What is CVE-2008-5776?
CVE-2008-5776 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to a...
How severe is CVE-2008-5776?
CVE-2008-5776 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5776?
Check the references section above for vendor advisories and patch information. Affected products include: Apertoblog Apertoblog.