Description
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aliaksandr Hartsuyeu · textwebappsphp
https://www.exploit-db.com/exploits/27106
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16889
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24143
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0240
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html
URL Repurposed x_refsource_confirm
http://mikeheltonisawesome.com/viewcomments.php?idd=46
Exploit, Vendor Advisory x_refsource_misc
http://evuln.com/vulns/37/summary.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16286
Scores
EPSS
0.1271
EPSS Percentile
94.0%
Details
Status
published
Products (1)
mike_helton/aoblogger
2.3
Published
Jan 19, 2006
Tracked Since
Feb 18, 2026