Vulnerabilities > CVE-2007-4047 - Security Bypass vulnerability in Geoblog 1

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

geoblog

exploit available

NVD

Published: 2007-07-27

Updated: 2018-10-15

Summary

geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Geoblog Geoblog Geoblog 1	1

Exploit-Db

description	geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion. CVE-2007-4047. Webapps exploit for php platform
id	EDB-ID:30320
last seen	2016-02-03
modified	2007-07-19
published	2007-07-19
reporter	joseph.giron13
source	https://www.exploit-db.com/download/30320/
title	geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion

description	geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion. CVE-2007-4047. Webapps exploit for php platform
id	EDB-ID:30321
last seen	2016-02-03
modified	2007-07-19
published	2007-07-19
reporter	joseph.giron13
source	https://www.exploit-db.com/download/30321/
title	geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion

Summary

Vulnerable Configurations

Exploit-Db

References