CVE-2007-4047

Published: 27/07/2007 Updated: 15/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 650
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote malicious users to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.

Vulnerable Product

geoblog geoblog 1

Exploits

source: www.securityfocus.com/bid/24966/info

geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further ...