CVE-2008-5776

CVSS 7.5 - HIGH

Description

Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected Products

1

Vendor	Product	Version
apertoblog	apertoblog	`0.1.1`

References

http://www.securityfocus.com/bid/32850

https://www.exploit-db.com/exploits/7482

http://www.securityfocus.com/bid/32850

https://www.exploit-db.com/exploits/7482

Weakness Types

CWE-22

CVE Information

CVE ID:: CVE-2008-5776
Published:: 2008-12-30
Modified:: 2026-04-23
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

apertoblog

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL