JVN#03975805: a-blog cms vulnerable to session management

2016-05-16T00:00:00
ID JVN:03975805
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-05-16T00:00:00

## Description

a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality.

## Impact

An unauthenticated remote attacker may delete an arbitrary posted comment or obtain a commenter's e-mail address.

## Solution

**Apply the Patch**

Apply the patch according to the information provided by the developer. If a user has customized a-blog cms, modifying some of the templates may be necessary. For details, refer to the readme.md contained in the patch.

## Products Affected

  • a-blog cms 2.6.0.1 and earlier