PT-2007-2865 · Orion · Orion-Blog

Published: 2007-03-16 · Updated: 2018-10-16 · CVE-2007-1471

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Orion-Blog version 2.0

Description

The issue allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for "admin/AdminBlogNewsEdit.asp" in the admin/default.asp file.

Recommendations

For Orion-Blog version 2.0, restrict access to the admin/default.asp file and the admin/AdminBlogNewsEdit.asp page to minimize the risk of exploitation. Consider implementing proper authentication controls to prevent unauthorized access.

Related Identifiers

CVE-2007-1471

Affected Products

Orion-Blog