CVE-2006-1114
Loudblog - Directory Traversal via Template, Page, or Language Parameter
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-1114. PoCs published by tzitaroth.
AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in Loudblog 0.41, including SQL injection, local file inclusion, and information disclosure. It includes example URLs demonstrating the LFI vulnerabilities but does not contain executable exploit code.
Description
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
Exploits (2)
The provided text describes multiple vulnerabilities in Loudblog 0.41, including SQL injection, local file inclusion, and information disclosure. It includes example URLs demonstrating the LFI vulnerabilities but does not contain executable exploit code.
The provided text describes multiple vulnerabilities in Loudblog 0.41, including SQL injection, local file inclusion, and information disclosure. It includes a sample HTTP POST request demonstrating a path traversal attempt via the 'language' parameter.