geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion

2014-07-01T00:00:00
ID SSV:83746
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/24966/info

geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments.

An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further attacks.

geoBlog v1 is vulnerable to these issues. 

http://www.example.com/blog/admin/deletecomment.php?id=16