Published: 21/12/2009 Updated: 17/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
scriptsez ez blog 1.0

[#-----------------------------------------------------------------------------------------------#] [#] Title: Ez Cart Multiple XSRF Vulnerabilities [#] Author: Milos Zivanovic [#] Email: miloszsecurity[at]gmailcom [#] Date: 15 December 2009 [#-----------------------------------------------------------------------------------------------#] [#] ...

[#-----------------------------------------------------------------------------------------------#] [#] Title: Ez Blog (XSS/XSRF) Multiple Vulnerabilities [#] Author: Milos Zivanovic [#] Email: miloszsecurity[at]gmailcom [#] Date: 15 December 2009 [#-----------------------------------------------------------------------------------------------# ...

CWE-352 http://osvdb.org/61114 http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt http://secunia.com/advisories/37743 https://exchange.xforce.ibmcloud.com/vulnerabilities/54895 https://nvd.nist.gov https://www.exploit-db.com/exploits/10461/

CVE-2009-4365

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect