{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T22:43:45.497","vulnerabilities":[{"cve":{"id":"CVE-2009-4421","sourceIdentifier":"cve@mitre.org","published":"2009-12-24T17:30:00.297","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en languages_cgi.php en Simple PHP Blog v0.5.1 y anteriores permite a usuarios autenticados incluir y ejecutar ficheros a su elección a través de .. (punto punto) en el parámetro blog_language1."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*","versionEndIncluding":"0.5.1","matchCriteriaId":"801C2AC1-F15E-4F78-BC9C-8395B31F6D69"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.3.7c:*:*:*:*:*:*:*","matchCriteriaId":"CA3A47B4-46A9-49DF-A06B-D76FA67318EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5484A9DD-01B6-42AC-AF93-F2B4CA33DB4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.5:*:*:*:*:*:*:*","matchCriteriaId":"10B1AB7A-63C5-43EA-8EF0-1934EE174719"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.6:*:*:*:*:*:*:*","matchCriteriaId":"AA9FA414-82D3-4540-99E1-35E6680316FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.7:*:*:*:*:*:*:*","matchCriteriaId":"52D0A226-6644-46C6-95ED-FAD553F6C736"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"7FDC4414-F257-461B-AE73-9F295EB4F978"},{"vulnerable":true,"criteria":"cpe:2.3:a:alexander_palmo:simple_php_blog:0.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"26D83F04-D2F2-4530-9A56-6650AA40BBB7"}]}]}],"references":[{"url":"http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0398.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/508546/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/37434","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54970","source":"cve@mitre.org"},{"url":"http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0398.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/508546/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/37434","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54970","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}