Description: Luca "ikki" Carettoni and Luca "Daath" De Fulgentis have reported some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.
1) Input passed to the "user_colors[bg_color]" parameter in the file \themes\<theme name>\user_style.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Successful exploitation requires that "register_globals" is enabled.
2) The upload_img_cgi.php script does not correctly restrict certain types of uploaded files. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.