|
 |
|
PHP-Blogger Disclosure of Sensitive Information Security Issue
|
|
|
|
|
Secunia Advisory:
|
SA13665
|
|
|
Release Date:
|
2004-12-24
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | PHP-Blogger 1.x
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
snilabs has reported a security issue in PHP-Blogger, which can be exploited by malicious people to disclose sensitive information.
The problem is that database files (.db) by default are stored inside the web root and are not correctly protected against being accessed directly on some server configurations. This can e.g. be exploited to disclose the admin password.
NOTE: Systems running Apache with support for .htaccess files are not affected by this issue.
Solution:
Configure PHP-Blogger to access database files in a directory outside the web root.
Provided and/or discovered by:
snilabs
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
