2 matches found
GeoBlog MOD_1.0 - deletecomment.php?id Arbitrary Comment Deletion
GeoBlog MOD1.0 - deletecomment.php?id Arbitrary Comment Deletion source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploi...
CVE-2006-0249
CVE-2006-0249 is a concrete SQL injection vulnerability in BitDamaged geoBlog MOD_1.0, specifically affecting viewcat.php via the cat parameter ($tmpCategory). The connected sources confirm that remote attackers can trigger arbitrary SQL commands, with the described impact of credential theft and...