admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote malicious users to create arbitrary accounts via modified mot and droit parameters.
jblog jblog 1.0