VYPR
Unrated severityNVD Advisory· Published Dec 24, 2009· Updated Jun 16, 2026

CVE-2009-4421

CVE-2009-4421

Description

Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*range: <=0.5.1
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.3.7c:*:*:*:*:*:*:*
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:alexander_palmo:simple_php_blog:0.5.0.1:*:*:*:*:*:*:*
  • Range: <=0.5.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.