CVE-2007-4047
Published: 2007-07-27
CVE-2007-4047: geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows…
Priority: P340, medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 3.28% (86.9th percentile)
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geoblog | geoblog | — | — |
No detection rules found.
Exploit-DB
GeoBlog MOD_1.0 - 'deletecomment.php?id' Arbitrary Comment Deletion
exploitdb·2007-07-19
---
source: https://www.securityfocus.com/bid/24966/info
geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments.
An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further attacks.
geoBlog v1 is vulnerable to these issues.
http://www.example.com/blog/admin/deletecomment.php?id=16
Exploit-DB
GeoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion
exploitdb·2007-07-19
---
source: https://www.securityfocus.com/bid/24966/info
geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments.
An attacker may exploit these issues to delete blogs and comments regardless of the security settings. This may aid the attacker in further attacks.
geoBlog v1 is vulnerable to these issues.
http://www.example.com/blog/admin/deleteblog.php?id=15
No writeups or analysis indexed.
References:
http://osvdb.org/42485
http://osvdb.org/42486
http://osvdb.org/42487
http://securityreason.com/securityalert/2934
http://www.securityfocus.com/archive/1/474127/100/0/threaded
http://www.securityfocus.com/bid/24966
https://exchange.xforce.ibmcloud.com/vulnerabilities/35494
Published: 2007-07-27