PT-2008-1962 · Lulie · Lulieblog

Ka0X · Published 2008-01-17 · Updated 2017-09-29 · CVE-2008-0329

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

LulieBlog versions 1.0.1 through 1.0.2

Description

The issue allows remote attackers to accept comments, delete comments, and delete articles. This is possible because access to certain PHP files in the Admin/ directory is not restricted, specifically (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php, which can be exploited using the id parameter.

Recommendations

For LulieBlog versions 1.0.1 and 1.0.2, restrict access to the "article_suppr.php", "comment_accepter.php", and "comment_refuser.php" files in the Admin/ directory to prevent unauthorized actions. As a temporary workaround, consider restricting the use of the id parameter in these files until a proper fix is applied.
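
One way to check web-server access logs for requests that reached these three scripts, as an added example that is not part of the original advisory or of LulieBlog's code. It assumes Apache combined log format and script names spelled with underscores; the function name and the sample lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Admin/ scripts named in the advisory (compared in lower case).
SCRIPTS = {"article_suppr.php", "comment_accepter.php", "comment_refuser.php"}

# Combined log format: client, timestamp, "METHOD target PROTO", status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_admin_hits(lines):
    """Return {client: [(time, script, id, status), ...]} for requests that
    reach one of the Admin/ scripts with an id query parameter.
    Only the query string is visible in access logs, so an id sent in a
    POST body is not covered here."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode %xx and collapse "//", "./" and "../" before matching.
        path = posixpath.normpath(unquote(url.path)).lower()
        parent, script = posixpath.split(path)
        if script not in SCRIPTS or posixpath.basename(parent) != "admin":
            continue
        ids = parse_qs(url.query).get("id")
        if ids:
            hits[client].append((when, script, ids[0], int(status)))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [17/Jan/2008:10:02:11 +0000] "GET /blog/Admin/article_suppr.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Jan/2008:10:02:15 +0000] "GET /blog/Admin/./comment%5Frefuser.php?id=4 HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [17/Jan/2008:10:03:00 +0000] "GET /blog/index.php?id=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [17/Jan/2008:10:03:05 +0000] "GET /blog/Admin/comment_accepter.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, rows in find_admin_hits(SAMPLE).items():
        for when, script, ident, status in rows:
            print(f"{client} {when} {script} id={ident} status={status}")
```

A hit with a 2xx status from a client that is not a known administrator is worth correlating with missing articles or unexpectedly approved comments.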

Related Identifiers

CVE-2008-0329

Affected Products

Lulieblog