WikyBlog Multiple Remote Input Validation Vulnerabilities

WikyBlog is prone to multiple vulnerabilities, including an arbitrary-file-upload issue, a cross-site scripting issue, a remote file-include issue, and a session-fixation issue.

Attackers can exploit these issues to:

- run arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
- steal cookie-based authentication credentials.
- upload arbitrary PHP scripts and run them in the context of the webserver.
- compromise the application and the underlying system.
- hijack a user's session and gain unauthorized access to the affected application.

WikyBlog 1.7.3rc2 is vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus