CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1426

Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.7%

CVSS Severity

CVSS v2 Score 5.0

References

http://marc.info/?l=bugtraq&m=110442847614890&w=2
http://www.securityfocus.com/bid/12132
http://marc.info/?l=bugtraq&m=110442847614890&w=2
http://www.securityfocus.com/bid/12132

Products affected by CVE-2004-1426

Korweblog » Korweblog » Version: 1.6.1

cpe:2.3:a:korweblog:korweblog:1.6.1
Korweblog » Korweblog » Version: 1.6.2cvs

cpe:2.3:a:korweblog:korweblog:1.6.2cvs

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1426

Products

Pricing

Contact Us