geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion

2007-07-19T00:00:00
ID EDB-ID:30321
Type exploitdb
Reporter joseph.giron13
Modified 2007-07-19T00:00:00

Description

geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion. CVE-2007-4047. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/24966/info
 
geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments.
 
An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further attacks.
 
geoBlog v1 is vulnerable to these issues. 

http://www.example.com/blog/admin/deleteblog.php?id=15