LightBlog <= 9.9.2 Authentication Bypass / Local File Inclusion Vulnerability

Description:

The issue is due to user-suplpied input passed via the ‘Lightblog_username’ cookie to the check_user.php script is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks, or to bypass the authentication mechanism.

References:

• EDB-8543

Disclosure Date:

April 27, 2009