CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-1801

HIGH
7.5
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile0.08th
Published2007年4月2日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.

Affected Platforms (CPE)

📦
Sblog

Sblog

= 0.7.3_beta

References & Advisories

🔗 http://osvdb.org/35458
🔗 http://www.securityfocus.com/bid/23206
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/33326
🔗 https://www.exploit-db.com/exploits/3601
🔗 http://osvdb.org/35458
🔗 http://www.securityfocus.com/bid/23206
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/33326
🔗 https://www.exploit-db.com/exploits/3601

相关漏洞威胁

CVE-2006-218910.0

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the...

CVE-2007-58187.6

Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitr...

CVE-2006-01014.3

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbi...

CVE-2006-11354.3

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML v...