Intrusion Prevention

Simple.PHP.Blog.Arbitrary.File.Deletion

Description

This indicates a possible attempt to exploit a vulnerability in Simple PHP Blog.
Simple PHP Blog could allow a remote attacker to delete arbitrary files because of a vulnerability in the comment_delete_cgi.php script. By sending a specially crafted request to comment_delete_cgi.php using the comment parameter, a remote attacker could delete arbitrary files on the system, or reset the administrator username and password by accessing the install03_cgi.php script.
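
For triage on a host running the affected version, the following added example (not part of the original advisory or of any vendor tooling) scans web access logs for the two scripts named above and raises the severity when the same client requests comment_delete_cgi.php with a comment parameter and then install03_cgi.php. It assumes Apache common log format and that the comment parameter is visible in the query string (request bodies are not logged); the sample lines, addresses and parameter value are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache common log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2005:10:00:01 +0000] "GET /blog/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Sep/2005:10:00:05 +0000] "GET /blog/comment_delete_cgi.php?comment=EXAMPLE_VALUE HTTP/1.1" 302 0
203.0.113.9 - - [01/Sep/2005:10:00:09 +0000] "GET /blog/install03_cgi.php HTTP/1.1" 200 312
198.51.100.7 - - [01/Sep/2005:10:00:12 +0000] "POST /blog/install03_cgi.php HTTP/1.1" 200 312
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def scan(lines):
    """Return (severity, client, timestamp, target) for requests worth triage."""
    delete_clients = set()  # clients that already hit comment_delete_cgi.php
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        client, ts, _method, target, _status = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1].lower()
        # Assumption: the comment parameter is carried in the query string.
        params = parse_qs(url.query, keep_blank_values=True)
        if script == "comment_delete_cgi.php" and "comment" in params:
            delete_clients.add(client)
            findings.append(("review", client, ts, target))
        elif script == "install03_cgi.php":
            # Installer access after a delete request from the same client
            # matches the credential-reset path the advisory describes.
            sev = "high" if client in delete_clients else "review"
            findings.append((sev, client, ts, target))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(*finding, sep="\t")
```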

Affected Products

Alexander Palmo Simple PHP Blog 0.4

Impact

Arbitrary File Deletion.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2005-2787