CVE

Id
30446  
CVE No.
CVE-2008-0329  
Status
Candidate  
Description
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.  
Phase
Assigned (20080117)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
323115 30446 CVE-2008-0329 MILW0RM:4912  View
323116 30446 CVE-2008-0329 URL:http://www.milw0rm.com/exploits/4912  View
323117 30446 CVE-2008-0329 BID:27290  View
323118 30446 CVE-2008-0329 URL:http://www.securityfocus.com/bid/27290  View
323119 30446 CVE-2008-0329 SECUNIA:28432  View
323120 30446 CVE-2008-0329 URL:http://secunia.com/advisories/28432  View
323121 30446 CVE-2008-0329 XF:lulieblog-admin-security-bypass(39669)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47303 JVNDB-2008-002613 ASP.NET 用の AfterLogic MailBee WebMail Pro の download_view_attachment.aspx におけるディレクトリトラバーサルの脆弱性 ASP.NET 用の AfterLogic MailBee WebMail Pro の download_view_attachment.aspx には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-0333 30446 5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002613.html  View