Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1243


Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1243
Last Modified 07 Mar 2011 09:32:30
Published 15 Mar 2006 12:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

Vulnerable Systems


  • Alexander Palmo Simple Php Blog 0.4.0

  • Alexander Palmo Simple Php Blog 0.4.5

  • Alexander Palmo Simple Php Blog 0.4.6

  • Alexander Palmo Simple Php Blog 0.4.7

  • Alexander Palmo Simple Php Blog


XF - simplephpblog-install05-file-include(25322)

VUPEN - ADV-2006-1007

BID - 17102

SECUNIA - 19270

MILW0RM - 1581

VIM - Vendor ACK for CVE-2006-1243 (older Simple PHP Blog)


Last Updated: 27 May 2016 10:41:59