Code injection

2008-01-1722:00:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.

CPENameOperatorVersion
lulieblogeq1.0.1
lulieblogeq1.0.2

CPE	Name	Operator	Version
	lulieblog	eq	1.0.1
	lulieblog	eq	1.0.2

References

secunia.com/advisories/28432

www.securityfocus.com/bid/27290

exchange.xforce.ibmcloud.com/vulnerabilities/39669

www.exploit-db.com/exploits/4912