PT-2009-6487 · Scriptsez · Scriptsez Ez Blog

Published: 2009-12-21 · Updated: 2017-08-17 · CVE-2009-4365
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ScriptsEz Ez Blog version 1.0

Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin.php script allow remote attackers to hijack the authentication of administrators. The script performs state-changing actions on any request that carries a valid administrator session, without verifying that the request originated from the application's own pages, so an attacker who gets a logged-in administrator to load a crafted page can perform these actions in the administrator's name:

- add a blog entry via the "add blog" action;
- approve a comment via the "approve comment" action;
- change administrator information, including the password, via the "admin opt" action;
- delete a blog entry via the "delete" action.

Because the "admin opt" action lets the attacker set a new administrator password, a successful attack can result in full takeover of the administrator account. The CVSS vector reflects that the attack is remote and unauthenticated but requires the administrator to visit attacker-controlled content (AC:M) and directly affects integrity only (I:P).

Recommendations
No vendor patch for ScriptsEz Ez Blog 1.0 is referenced on this page. As a temporary workaround, disable the admin.php script or restrict access to it (for example to trusted addresses at the web server), keeping in mind that access restrictions alone do not stop CSRF, since the forged request is sent by the administrator's own browser. Avoid performing the add blog, approve comment, admin opt and delete actions in admin.php until the issue is resolved, and do not browse untrusted sites while logged in to the administration interface. A permanent fix requires admin.php to accept state-changing actions only from POST requests that carry a per-session anti-CSRF token, and to require the current password before changing administrator credentials.
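The following is an added illustration for this advisory, not code from Ez Blog or from the page; it shows the request-handling pattern the description implies beside a hardened version using a per-session synchronizer token. The request parameter names (action, id, csrf_token) and the response strings are assumptions, since the real admin.php parameters are not given here.

```php
<?php
// Added example for this advisory, not Ez Blog source code.
// Parameter names "action", "id" and "csrf_token" are assumptions.
session_start();

// --- Pattern the advisory describes: the session cookie is the only check ---
// A logged-in admin who opens an attacker's page containing, for example,
//   <img src="http://victim/admin.php?action=delete&id=3">
// deletes blog 3, because the browser attaches the admin's session cookie
// automatically and nothing ties the request to a form the admin submitted.
function dispatch_unsafe(array $params): string
{
    if (empty($_SESSION['admin'])) {
        return 'login required';
    }
    switch ($params['action'] ?? '') {
        case 'add blog':        return 'blog added';
        case 'approve comment': return 'comment ' . (int)($params['id'] ?? 0) . ' approved';
        case 'admin opt':       return 'admin password changed';
        case 'delete':          return 'blog ' . (int)($params['id'] ?? 0) . ' deleted';
        default:                return 'unknown action';
    }
}

// --- Hardened pattern: synchronizer token bound to the admin's session ---
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $_SESSION['csrf_token'];
}

function csrf_request_ok(): bool
{
    // State changes only on POST: a cross-site <img>/<a> request is a GET.
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return false;
    }
    $sent = $_POST['csrf_token'] ?? '';
    // Constant-time comparison; also refuses the request if no token was issued.
    return is_string($sent)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

function dispatch_safe(array $params): string
{
    if (empty($_SESSION['admin'])) {
        return 'login required';
    }
    if (!csrf_request_ok()) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    // Same actions as before, now reachable only from genuine admin form posts.
    return dispatch_unsafe($params);
}

// Every state-changing form in the admin UI must carry the token.
function render_delete_form(int $blogId): string
{
    return '<form method="post" action="admin.php">'
        . '<input type="hidden" name="action" value="delete">'
        . '<input type="hidden" name="id" value="' . $blogId . '">'
        . '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">'
        . '<button type="submit">Delete</button></form>';
}

// POST values take precedence over GET values of the same name.
echo dispatch_safe($_POST + $_GET);
```

The token check is what closes the hole: an attacker's page can make the administrator's browser send the session cookie, but cannot read the token embedded in the admin's own pages. Requiring POST on its own is not sufficient, since a hidden auto-submitting form can issue a cross-site POST. For the "admin opt" password change, additionally demand the current password in the same form, and, on PHP 7.3 or later, set the session cookie with SameSite=Lax as defence in depth.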

Tags: Exploit · Fix · CSRF


Weakness Enumeration: none listed on this page

Related Identifiers: CVE-2009-4365

Affected Products: Scriptsez Ez Blog