CVE-2006-2770

Pppblog < 0.3.8 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].

Exploits (2)

exploitdb WORKING POC VERIFIED
by JosS · textwebappsphp
https://www.exploit-db.com/exploits/6972
exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/1853

References (8)

Scores

EPSS 0.2207
EPSS Percentile 95.7%

Classification

Status draft

Affected Products (1)

pppblog/pppblog < 0.3.8

Timeline

Published Jun 02, 2006
Tracked Since Feb 18, 2026