Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 07/04/2009 Updated: 29/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

del.php in miniBloggie 1.0 allows remote malicious users to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mywebland minibloggie 1.0

# MiniBloggie Arbitrary Delete Post Vulnerability # Author: Cod3rZ # Site: cod3rzhellowebeu # PoC: # if (isset($_GET['post_id'])) $post_id = $_GET['post_id']; # if (isset($_GET['confirm'])) $confirm = $_GET['confirm']; # [] # elseif ($confirm=="yes") { # [] # $sql = "DELETE FROM blogdata WHERE post_id=$post_id"; # $query = mysql_qu ...

CWE-264 http://www.securityfocus.com/bid/29115 https://exchange.xforce.ibmcloud.com/vulnerabilities/42300 https://www.exploit-db.com/exploits/5568 https://nvd.nist.gov https://www.exploit-db.com/exploits/5568/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-6650

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect