Description: snilabs has reported a security issue in PHP-Blogger, which can be exploited by malicious people to disclose sensitive information. The problem is that database files (.db) by default are stored inside the web root and are not correctly protected against being accessed directly on some server configurations. This can e.g. be exploited to disclose the admin password. NOTE: Systems running Apache with support for .htaccess files are not affected by this issue. Solution: Configure PHP-Blogger to access database files in a directory outside the web root. Reproducible: Always Steps to Reproduce: 1. 2. 3.
I see PHP-Blogger nowhere in the tree.