CVE-2006-0371
Description
Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:noah_medling:rcblog:1.03:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:noah_medling:rcblog:1.03:*:*:*:*:*:*:*
- (no CPE)range: = 1.03
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization of the $_GET['post'] parameter in index.php allows directory traversal."
Attack vector
An attacker sends a crafted HTTP GET request to `index.php` with a `post` parameter containing `../` sequences to traverse directories. For example, requesting `http://host/rcblog/index.php?post=../config/password` reads the password file outside the intended directory [ref_id=1]. The attacker does not need authentication because the parameter is not sanitized before file access.
Affected code
The vulnerability is in `index.php`, specifically the `$_GET['post']` parameter which is not properly sanitized before being used to open files. The advisory notes that directory traversal is possible via a `..` (dot dot) sequence in the `post` parameter, allowing arbitrary `.txt` files to be read [ref_id=1].
What the fix does
The advisory states that no patch or solution is available from the vendor [ref_id=1]. To close the vulnerability, the application must validate and sanitize the `post` parameter to reject path traversal sequences (e.g., `../`) and restrict file access to an allowed set of files within the intended directory.
Preconditions
- networkThe attacker must be able to send HTTP requests to the vulnerable RCBlog instance.
- authNo authentication is required; the vulnerable parameter is accessible to unauthenticated users.
- inputThe target file must have a .txt extension, as the script appends or restricts to that extension.
Reproduction
Visit `http://host/rcblog/index.php?post=../config/password` to read the password file. This PoC is documented in the advisory [ref_id=1].
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- evuln.com/vulns/42/summary.htmlnvdExploitVendor Advisory
- www.securityfocus.com/bid/16342nvdExploit
- secunia.com/advisories/18547nvdVendor Advisory
- www.fluffington.com/index.phpnvdURL Repurposed
- securitytracker.com/idnvd
- www.osvdb.org/22680nvd
- www.securityfocus.com/archive/1/422499/100/0/threadednvd
- www.securityfocus.com/archive/1/425392/100/0/threadednvd
- www.securityfocus.com/archive/1/436784/30/4500/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24248nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27042nvd
News mentions
0No linked articles in our index yet.