Lucene search

[email protected]CVE-2008-0329

HistoryJan 17, 2008 - 10:00 p.m.

CVE-2008-0329

2008-01-1722:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0329

lulieblog

unauthorized access

remote attackers

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.

Affected configurations

NVD

Node

julien_plesniaklulieblogMatch1.0.1

julien_plesniaklulieblogMatch1.0.2

CPENameOperatorVersion
julien_plesniak:lulieblogjulien plesniak lulieblogeq1.0.1
julien_plesniak:lulieblogjulien plesniak lulieblogeq1.0.2

CPE	Name	Operator	Version
julien_plesniak:lulieblog	julien plesniak lulieblog	eq	1.0.1
julien_plesniak:lulieblog	julien plesniak lulieblog	eq	1.0.2

References

secunia.com/advisories/28432

www.securityfocus.com/bid/27290

exchange.xforce.ibmcloud.com/vulnerabilities/39669

www.exploit-db.com/exploits/4912

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2008-0329

prion1 nvd1 cvelist1