PT-2009-3042 · Max · Max.Blog
Sirgod · Published 2009-02-02 · Updated 2024-02-14 · CVE-2009-0383
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Max.Blog version 1.0.6
Description
The issue concerns improper access restriction in the delete.php file, allowing remote attackers to delete arbitrary blog posts by making a direct request.
Recommendations
For Max.Blog version 1.0.6, restrict access to the delete.php file to prevent unauthorized deletion of blog posts. As a temporary workaround, consider disabling the delete functionality until a proper fix is implemented.
Affected Products
Max.Blog