HTTP: Simple PHP Blog Password File Download

This signature detects attempts to exploit a known vulnerability in Simple PHP Blog. A successful attack can lead to arbitrary code execution. By downloading the password file, an attacker can modify it and upload it back to the server. This gives the attacker complete control over the system with the privileges of the serving process, sometimes root.

Extended Description

Simple PHP Blog is prone to a remote arbitrary file-upload vulnerability. This issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly to execute a script on the affected server. Simple PHP Blog 0.4.0 is affected by this issue. Other versions may be vulnerable as well.

Affected Products

Alexander_palmo simple_php_blog

Short Name: HTTP:PHP:SPHPBLOG-PW-DOWNLOAD
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: Blog CVE-2005-2733 Download File PHP Password Simple bid:14667
Release Date: 06/01/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Alexander_palmo

CVSS Score

7.5
