CVE-2008-2524

2008-06-0315:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

JSON

BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.

References

secunia.com/advisories/30165

www.davidsopas.com/soapbox/blogphp.txt

www.securityfocus.com/bid/29133

exchange.xforce.ibmcloud.com/vulnerabilities/42372