Description
Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Danny Moules · text · webapps · php
https://www.exploit-db.com/exploits/7831
References (5)
Core References
Exploit, URL Repurposed x_refsource_misc
https://www.push55.co.uk/poclibrary/ninjadesignscouk-1.txt
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7831
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33573
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33351
URL Repurposed x_refsource_misc
http://www.push55.co.uk/index.php?s=ad&id=6
Scores
EPSS
0.0544
EPSS Percentile
90.2%
Details
CWE
CWE-22
Status
published
Products (1)
ninjadesigns/ninja_blog
4.8
Published
Jan 29, 2009
Tracked Since
Feb 18, 2026