CVE-2009-0325 Information

Description

Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8 when magic_quotes_gpc is disabled allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.

Reference

http://secunia.com/advisories/33573 http://www.push55.co.uk/index.php?s=ad&id=6 http://www.securityfocus.com/bid/33351 https://www.exploit-db.com/exploits/7831 https://www.push55.co.uk/poclibrary/ninjadesignscouk-1.txt