egix@karmainsecurity ~ $

LightBlog <= 9.9.2 (register.php) PHP Code Injection Vulnerability

Description:

LightBlog contains a flaw that allows malicious users to execute arbitrary PHP code. The issue is due to user-supplied input passed via multiple parameters to register.php is not properly sanitized before being stored within a php file.

References:

Disclosure Date:

April 27, 2009