WikyBlog Multiple Remote Input Validation Vulnerabilities
WikyBlog is prone to multiple vulnerabilities, including an arbitrary-file-upload issue, a cross-site scripting issue, a remote file-include issue, and a session-fixation issue.
Attackers can exploit these issues to:
- run arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
- steal cookie-based authentication credentials.
- upload arbitrary PHP scripts and run them in the context of the webserver.
- compromise the application and the underlying system.
- hijack a user's session and gain unauthorized access to the affected application.
WikyBlog 1.7.3rc2 is vulnerable; other versions may also be affected.