Vendor: geoBlog
By: Unknown
CVSS: 7.5 (HIGH)
Security Bypass
CWE: 284
Product Name: geoBlog
Affected Version From: geoBlog v1
Affected Version To: geoBlog v1
Patch Exists: No
Related CWE: Not applicable
CPE: a:geoblog:geoblog:1.0
Platforms Tested: Unknown

Multiple Security-Bypass Vulnerabilities in geoBlog

geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further attacks.

Mitigation:

Implement proper user authentication and authorization checks when deleting user blogs and comments. Ensure that only authorized users have the necessary privileges to perform such actions.
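
One way to apply this mitigation to a delete-comment endpoint, as an added example (not geoBlog's own code, which this page does not show). The function name, the `blogs`/`comments` schema, the session keys and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical logic for a delete-comment endpoint; schema and session keys are assumed.
// Returns the HTTP status to send; the row is deleted only when it returns 200.
function handle_delete_comment(string $method, array $session, array $post, PDO $db): int
{
    if ($method !== 'POST') {
        return 405; // state change must not be reachable through a plain GET link
    }
    if (empty($session['user_id'])) {
        return 401; // authentication: no logged-in session
    }
    $expected = $session['csrf_token'] ?? '';
    $token = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($token) || $expected === ''
        || !hash_equals($expected, $token)) {
        return 403; // CSRF token missing or not bound to this session
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400; // id must be a positive integer
    }
    $stmt = $db->prepare(
        'SELECT b.owner_id FROM comments c JOIN blogs b ON b.id = c.blog_id WHERE c.id = ?'
    );
    $stmt->execute([$id]);
    $ownerId = $stmt->fetchColumn();
    if ($ownerId === false) {
        return 404;
    }
    // Authorization: admins may delete any comment, other users only on their own blog.
    $isAdmin = ($session['role'] ?? '') === 'admin';
    if (!$isAdmin && (int) $ownerId !== (int) $session['user_id']) {
        return 403;
    }
    $db->prepare('DELETE FROM comments WHERE id = ?')->execute([$id]);
    return 200;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE blogs (id INTEGER PRIMARY KEY, owner_id INTEGER);
           CREATE TABLE comments (id INTEGER PRIMARY KEY, blog_id INTEGER);
           INSERT INTO blogs VALUES (1, 7); INSERT INTO comments VALUES (16, 1);');
$owner = ['user_id' => 7, 'role' => 'user', 'csrf_token' => 'constructed-token-a'];
$other = ['user_id' => 9, 'role' => 'user', 'csrf_token' => 'constructed-token-b'];
echo handle_delete_comment('GET', [], ['id' => '16'], $db), "\n";
echo handle_delete_comment('POST', $other, ['id' => '16', 'csrf_token' => 'constructed-token-b'], $db), "\n";
echo handle_delete_comment('POST', $owner, ['id' => '16', 'csrf_token' => 'constructed-token-a'], $db), "\n";
```

The three calls exercise an unauthenticated GET, an authenticated user who does not own the blog, and the blog owner; only the last one reaches the `DELETE` statement.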

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24966/info

geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments.

An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further attacks.

geoBlog v1 is vulnerable to these issues. 

http://www.example.com/blog/admin/deletecomment.php?id=16