vendor: MyBlog: PHP and MySQL Blog/CMS software
by: [the_Edit0r]
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: MyBlog: PHP and MySQL Blog/CMS software
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerability
This vulnerability allows an attacker to include remote files in the MyBlog PHP and MySQL Blog/CMS software. The exploit can be triggered by manipulating the 'scoreid' parameter in the 'games.php' script.
Mitigation:
The vendor should release a patch to fix the vulnerability. In the meantime, users should validate user input and sanitize any input used in file inclusion.