CVE-2007-4047

Name of the Vulnerable Software and Affected Versions: geoBlog (aka BitDamaged) version 1

Description: The issue allows remote attackers to delete arbitrary comments and blogs without authentication. This is possible due to the lack of authentication requirements for certain API endpoints, specifically deletecomment.php, deleteblog.php, and listcomment.php in the admin/ directory. Attackers can exploit this by sending a request with a valid id parameter to these endpoints, potentially having other unspecified impacts.

Recommendations: For geoBlog (aka BitDamaged) version 1, consider implementing proper authentication mechanisms for the deletecomment.php, deleteblog.php, and listcomment.php endpoints in the admin/ directory to prevent unauthorized access. As a temporary workaround, restrict access to these endpoints to minimize the risk of exploitation.