← back
CVE-2007-4047

CVE-2007-4047

EPSS 3.3%
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/30321unverifiedexploitdbwww.exploit-db.com/exploits/30320unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/42485http://osvdb.org/42486http://osvdb.org/42487http://securityreason.com/securityalert/2934https://exchange.xforce.ibmcloud.com/vulnerabilities/35494http://www.securityfocus.com/archive/1/474127/100/0/threadedhttp://www.securityfocus.com/bid/24966