CVE-2007-3974 - Input Validation vulnerability in Jblog 1.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
EDB-ID:4408
- description: JBlog 1.0 (index.php id) Remote SQL Injection Exploit. CVE-2007-3973, CVE-2007-3974, CVE-2007-4919. Webapps exploit for php platform
- file: exploits/php/webapps/4408.pl
- id: EDB-ID:4408
- last seen: 2016-01-31
- modified: 2007-09-14
- platform: php
- port:
- published: 2007-09-14
- reporter: s4mi
- source: https://www.exploit-db.com/download/4408/
- title: JBlog 1.0 index.php id Remote SQL Injection Exploit
- type: webapps

EDB-ID:4211
- description: JBlog 1.0 Create / Delete Admin Authentication Bypass Exploit. CVE-2007-3973, CVE-2007-3974, CVE-2007-4919. Webapps exploit for php platform
- file: exploits/php/webapps/4211.html
- id: EDB-ID:4211
- last seen: 2016-01-31
- modified: 2007-07-21
- platform: php
- port:
- published: 2007-07-21
- reporter: s4mi
- source: https://www.exploit-db.com/download/4211/
- title: JBlog 1.0 Create / Delete Admin Authentication Bypass Exploit
- type: webapps
References
- http://osvdb.org/38561
- http://secunia.com/advisories/26165
- http://securityreason.com/securityalert/2919
- http://www.securityfocus.com/archive/1/474320/100/0/threaded
- http://www.securityfocus.com/bid/24991
- http://www.vupen.com/english/advisories/2007/2611
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35550
- https://www.exploit-db.com/exploits/4211