oCERT-2011-001 Chyrp input sanitization errors
The Chyrp framework, an open source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities.
Insufficient path sanitization on the root 'action' query string parameter leads to inclusion of arbitrary files from local sources, this could be exploited to read arbitrary accessible files on the hosting server filesystem and potentially execute arbitrary commands or code.
Chyrp <= 2.1
Credit: vulnerability report and PoC code received from Eldar Marcussen <wireghoul [at] justanotherhacker [dot] com>.
2011-05-17: vulnerability report received
2010-05-17: contacted chyrp maintainers
2010-07-13: oCERT advisory published jointly with reporter advisory
2010-07-14: assigned CVE