{"id": "CVE-2006-0312", "bulletinFamily": "NVD", "title": "CVE-2006-0312", "description": "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.", "published": "2006-01-19T01:03:00", "modified": "2017-07-20T01:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0312", "reporter": "cve@mitre.org", "references": ["http://mikeheltonisawesome.com/viewcomments.php?idd=46", "http://www.securityfocus.com/bid/16286", "http://evuln.com/vulns/37/summary.html", "http://www.vupen.com/english/advisories/2006/0240", "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html", "http://secunia.com/advisories/16889", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24143"], "cvelist": ["CVE-2006-0312"], "type": "cve", "lastseen": "2019-05-29T18:08:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "cce1a2977e47be36b40577ec1d3d7c89"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9a8b6bf1966c63decedb250f7b8d12b2"}, {"key": "cpe23", "hash": "ebc4fdcb8977a4358e1da206918fc49c"}, {"key": "cvelist", "hash": "2706823b7afa957a2ba2786a6fd43558"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "cvss2", "hash": "e2b44d17a049a159a684c7e2b843b3fa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "971d498dc28a37bcc0d9e8f418d69928"}, {"key": "href", "hash": "1127c29ec14c228316c186fd7f559577"}, {"key": "modified", "hash": "8beb21540db0e4c02532c0e597356857"}, {"key": "published", "hash": "8e16ad2050403fcbd2e8a31cf1a30de3"}, {"key": "references", "hash": "c21a0a4878d17f1831f9e28eebd6f702"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "f2a7be078a3d0586116733e689e32577"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "a71d436ab86f294d34eed548595de99034856c3871fed661dbc446652ccab0c5", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:22528"]}, {"type": "exploitdb", "idList": ["EDB-ID:27106"]}], "modified": "2019-05-29T18:08:30"}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-05-29T18:08:30"}, "vulnersScore": 6.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:mike_helton:aoblogger:2.3"], "affectedSoftware": [{"name": "mike_helton aoblogger", "operator": "eq", "version": "2.3"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:mike_helton:aoblogger:2.3:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-03T05:07:22", "bulletinFamily": "exploit", "description": "aoblogger 2.3 create.php Unauthenticated Entry Creation. CVE-2006-0312. Webapps exploit for php platform", "modified": "2006-01-17T00:00:00", "published": "2006-01-17T00:00:00", "id": "EDB-ID:27106", "href": "https://www.exploit-db.com/exploits/27106/", "type": "exploitdb", "title": "aoblogger 2.3 create.php Unauthenticated Entry Creation", "sourceData": "source: http://www.securityfocus.com/bid/16286/info\r\n \r\nAOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could allow an attacker to:\r\n \r\n- compromise the application\r\n- access, modify, or create data\r\n- steal cookie-based authentication credentials.\r\n \r\nAn attacker may also be able to exploit vulnerabilities in the underlying database implementation and to launch other attacks.\r\n \r\nVersion 2.3 is vulnerable; other versions may also be affected. \r\n\r\nAn example of new entry creation without proper authorization has been provided:\r\n\r\n<form action=\"http://www.example.com/aoblogger/create.php\" method=\"post\">\r\n<input name=\"uza\" value=1>\r\n<input name=\"title\" value=\"anytitle\">\r\n<textarea name=\"message\">anymessage&lt;/textarea&gt;\r\n</form> ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27106/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://mikeheltonisawesome.com/\n[Secunia Advisory ID:16889](https://secuniaresearch.flexerasoftware.com/advisories/16889/)\n[Related OSVDB ID: 22526](https://vulners.com/osvdb/OSVDB:22526)\n[Related OSVDB ID: 22527](https://vulners.com/osvdb/OSVDB:22527)\nOther Advisory URL: http://evuln.com/vulns/37/summary.html\nMail List Post: http://attrition.org/pipermail/vim/2006-April/000700.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html\nKeyword: EV0037\nFrSIRT Advisory: ADV-2006-0240\n[CVE-2006-0312](https://vulners.com/cve/CVE-2006-0312)\nBugtraq ID: 16286\n", "modified": "2006-01-16T04:18:26", "published": "2006-01-16T04:18:26", "href": "https://vulners.com/osvdb/OSVDB:22528", "id": "OSVDB:22528", "type": "osvdb", "title": "aoblogger create.php Unauthenticated Entry Creation", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}