Vulnerability Key Information

Vulnerability Type: RFI (Remote File Inclusion)
Affected Project: PHPBlog
Project Link: http://sourceforge.net/projects/phpblog/
Download Link: http://surfnet.dl.sourceforge.net/sourceforge/phpblog/PHPBlog__0_1_Alpha.zip

Vulnerable Files:
- File:
- Line: 44
- Code:

- File:
- Line: 12
- Code:

Version: 0.2 (early version handling 133 projects)

Related Projects:
- RFI (0.2): phpDynaSite
- RFI (0.2): ClanLite
- RFI (0.2): phpFLL – Fantasy Football League Manager

Additional Information

Release Date: September 13, 2007
Poster: arfis
Status: Version 0.3, currently not running

TODO:
- Obtain scripts from hotscripts.com
- Check .htaccess files to prevent RFI
- Check if variables are DOCUMENT_ROOT
- Other improvements

Notes: Discovered RFI vulnerabilities may not be rechecked, even if they are ineffective. Discovered vulnerabilities do not necessarily indicate low value of project.php.