CVE-2006-0312

aoblogger 2.3 - Unauthenticated Blog Entry Creation via uza Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0312. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The provided text describes an input-validation vulnerability in AOblogger 2.3, allowing unauthorized entry creation via a crafted POST request. It includes a basic HTML form example demonstrating the exploit but lacks executable code.

Description

create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Aliaksandr Hartsuyeu · textwebappsphp
https://www.exploit-db.com/exploits/27106

The provided text describes an input-validation vulnerability in AOblogger 2.3, allowing unauthorized entry creation via a crafted POST request. It includes a basic HTML form example demonstrating the exploit but lacks executable code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: AOblogger 2.3
No auth needed
Prerequisites: Access to the target application's create.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16889
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24143
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0240
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html
URL Repurposed x_refsource_confirm
http://mikeheltonisawesome.com/viewcomments.php?idd=46
Exploit, Vendor Advisory x_refsource_misc
http://evuln.com/vulns/37/summary.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16286

Scores

EPSS 0.0286
EPSS Percentile 84.9%

Details

Status published
Products (1)
mike_helton/aoblogger 2.3
Published Jan 19, 2006
Tracked Since Feb 18, 2026