6.8 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.4%
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
secunia.com/advisories/21390
www.exploit-db.com/exploits/10180
www.securityfocus.com/bid/37063
exchange.xforce.ibmcloud.com/vulnerabilities/54355