CVE-2009-4909

admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests.