Test ID:	1.3.6.1.4.1.25623.1.0.20825
Category:	Web application abuses
Title:	RCBlog post Parameter Directory Traversal Vulnerability
Summary:	The remote version of RCBlog fails to sanitize user-supplied; input to the 'post' parameter of the 'index.php' script.
Description:	Summary: The remote version of RCBlog fails to sanitize user-supplied input to the 'post' parameter of the 'index.php' script. Vulnerability Impact: An attacker can use this to access arbitrary files on the remote host provided PHP's 'magic_quotes' setting is disabled or, regardless of that setting, files with a '.txt' extension such as those used by the application to store administrative credentials. Solution: Remove the application as its author no longer supports it. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0370 Bugtraq: 20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure (Google Search) http://www.securityfocus.com/archive/1/422499/100/0/threaded http://evuln.com/vulns/42/summary.html http://www.fluffington.com/index.php?page=rcblog http://www.osvdb.org/22679 http://securitytracker.com/id?1015523 http://secunia.com/advisories/18547 XForce ISS Database: rcblog-data-config-insecure-directories(24249) https://exchange.xforce.ibmcloud.com/vulnerabilities/24249 Common Vulnerability Exposure (CVE) ID: CVE-2006-0371 BugTraq ID: 16342 http://www.securityfocus.com/bid/16342 Bugtraq: 20060218 RCblog exploit [fun] (Google Search) http://www.securityfocus.com/archive/1/425392/100/0/threaded Bugtraq: 20060611 RCblog 1.03 Directory Traversal [index.php] (Google Search) http://www.securityfocus.com/archive/1/436784/30/4500/threaded http://www.osvdb.org/22680 XForce ISS Database: rcblog-index-directory-traversal(24248) https://exchange.xforce.ibmcloud.com/vulnerabilities/24248 XForce ISS Database: rcblog-index-file-include(27042) https://exchange.xforce.ibmcloud.com/vulnerabilities/27042
Copyright	Copyright (C) 2006 Josh Zlatin-Amishav

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.