CVE-2006-2859

Published: Jun 6, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution

Affected (1)

Products: Mywebland: Mybloggie

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mywebland Mybloggie	Version 2.1.1

References (10)

http://securityreason.com/securityalert/1049

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435789/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435866/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/436124/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18241

Source: cve@mitre.org

Exploit

http://securityreason.com/securityalert/1049

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/435789/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/435866/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/436124/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18241

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.