CVE-2007-3974
published 2007-07-25

Priority: P352, high
CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available
EPSS: 3.67% (88.3th percentile)

admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.

Affected (1 range)

Vendor: jblog
Product: jblog
Version range: not stated
Fixed in: not stated

Detection & IOCs (extracted from sources)

url:      admin/ajoutaut.php
url:      index.php?id='union%20select%200,login,pass,3,4,5%20from%20auteur%20WHERE%20id=1/*
command:  union%20select%200,login,pass,3,4,5%20from%20auteur%20WHERE%20id=1/*
path:     /jblog/recherche.php
url:      admin/supauteur.php?cat=
path:     admin/modifpost.php?id=
  • Monitor HTTP GET requests to index.php containing SQL UNION injection patterns targeting the 'id' parameter, specifically selecting from the 'auteur' table.
  • Alert on unauthenticated POST requests to admin/ajoutaut.php with 'mot' and 'droit' parameters, indicating an attempt to create unauthorized admin accounts.
  • Detect manipulation of the 'theme' cookie value in JBlog requests, which may indicate XSS/cookie injection attempts.
  • Use Google dork to identify exposed JBlog 1.0 instances as potential targets: search for the string 'propulsé par JBlog'.
  • Flag requests to admin/supauteur.php with a 'cat' parameter, which the exploit uses to delete admin accounts after privilege escalation.
  • The exploit targets port 80 (plain HTTP) only; HTTPS deployments would not be reached by this specific exploit script as written.
  • The SQL injection payload specifically extracts credentials from the 'auteur' table where id=1, meaning only the first registered user (typically admin) is targeted by the default exploit.
  • Newly created accounts via the privilege escalation exploit receive a default password of 'admin' (MD5: e10adc3949ba59abbe56e057f20f883e), which should be checked during incident response.