Simple.PHP.Blog.Arbitrary.File.Deletion

description-logoDescription

It indicates a possible exploit of a vulnerability in Simple PHP Blog.
Simple PHP Blog could allow a remote attacker to delete arbitrary files, as a result of a vulnerability in the comment_delete_cgi.php script. A remote attacker could send a specially-crafted request to the comment_delete_cgi.php script using the comment parameter to delete arbitrary files on the system or reset the administrator username and password by accessing the install03_cgi.php script.

affected-products-logoAffected Products

Alexander Palmo Simple PHP Blog 0.4

Impact logoImpact

Arbitrary File Deletion.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978