Main Vulnerability Database Vulnerabilities #VU76813

PHP file inclusion in Blog-in-Blog - CVE-2023-2435

Published: June 2, 2023

Vulnerability identifier: #VU76813

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-2435

CWE-ID: CWE-98

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Blog-in-Blog

Software vendor:
Tim Hodson

Description

The vulnerability allows a remote user to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files. A remote administrator can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.wordfence.com/threat-intel/vulnerabilities/id/d53161ad-cc5f-4433-b288-a8095cdfd7db?source=cve
https://plugins.trac.wordpress.org/browser/blog-in-blog/tags/1.1.1/blog-in-blog.php#L153

PHP file inclusion in Blog-in-Blog - CVE-2023-2435

Description

Remediation

External links

Please verify you're human