CVE-2022-34012

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges...

CVE-2021-46085

CVE-2021-46085 relates to OneBlog versions 2.2.8 and earlier, described across multiple sources as a Permissions/Access Control issue. The vulnerability allows a low-level administrator to delete or remove a high-level administrator beyond their authority due to insecure permissions. Sources cons...