CVE-2009-4091

2009-11-2720:45:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.

References

secunia.com/advisories/21390

www.exploit-db.com/exploits/10180

www.securityfocus.com/bid/37063

exchange.xforce.ibmcloud.com/vulnerabilities/54355