CVE-2009-4421

Simple PHP Blog <0.5.1 - Path Traversal


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4421. PoCs published by jgaliana.

AI-analyzed exploit summary

This exploit leverages a local file inclusion vulnerability in Simple PHP Blog 0.5.1 by manipulating the 'blog_language1' parameter to traverse directories and include arbitrary files. It sends a crafted POST request to 'languages_cgi.php' with a null byte to bypass sanitization.

Description

Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.

Exploits (1)

exploit-db · Working PoC
by jgaliana · tags: perl, webapps, php
https://www.exploit-db.com/exploits/10604

Classification
Working PoC (95%)
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Simple PHP Blog <= 0.5.1
Auth required
Prerequisites: valid session cookie (sid) · access to the target web application
Analyzed by devstral-2 on Feb 16, 2026

References (4)

Core References
- Exploit · VDB entry (BID): http://www.securityfocus.com/bid/37434
- Third Party Advisory · mailing list (Bugtraq): http://www.securityfocus.com/archive/1/508546/100/0/threaded
- Third Party Advisory · VDB entry (X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/54970

Scores

EPSS 0.0200
EPSS Percentile 78.1%

Details

CWE
CWE-22
Status published
Products (8)
alexander_palmo/simple_php_blog 0.3.7c
alexander_palmo/simple_php_blog 0.4.0
alexander_palmo/simple_php_blog 0.4.5
alexander_palmo/simple_php_blog 0.4.6
alexander_palmo/simple_php_blog 0.4.7
alexander_palmo/simple_php_blog 0.4.7.1
alexander_palmo/simple_php_blog 0.5.0.1
alexander_palmo/simple_php_blog < 0.5.1
Published Dec 24, 2009
Tracked Since Feb 18, 2026