PT-2009-6270 · Simplog · Simplog

Amol Naik · Published 2009-11-27 · Updated 2017-08-17 · CVE-2009-4091

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Simplog version 0.9.3.2

Description

The issue concerns improper access restriction in comments.php, allowing remote attackers to modify or delete comments using specific actions, such as the edit or del action.

Recommendations

For Simplog version 0.9.3.2, restrict access to the comments.php file to prevent unauthorized modifications or deletions of comments. Consider temporarily disabling the edit and del actions until a proper fix is applied.

Related Identifiers

CVE-2009-4091

Affected Products

Simplog