Vulnerabilities > CVE-2007-4047 - Security Bypass vulnerability in Geoblog 1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion. CVE-2007-4047. Webapps exploit for php platform id EDB-ID:30320 last seen 2016-02-03 modified 2007-07-19 published 2007-07-19 reporter joseph.giron13 source https://www.exploit-db.com/download/30320/ title geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion description geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion. CVE-2007-4047. Webapps exploit for php platform id EDB-ID:30321 last seen 2016-02-03 modified 2007-07-19 published 2007-07-19 reporter joseph.giron13 source https://www.exploit-db.com/download/30321/ title geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion