CVE-2007-3974

JBlog 1.0 - Unauthenticated Arbitrary Account Creation via admin/ajoutaut.php

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3974. PoCs published by s4mi.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in JBlog 1.0, including XSS, cookie manipulation, and privilege escalation. It allows an attacker to create an admin account, manipulate cookies, and execute arbitrary JavaScript.

Description

admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.

Exploits (2)

exploitdb WORKING POC VERIFIED

by s4mi · htmlwebappsphp

https://www.exploit-db.com/exploits/4211

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in JBlog 1.0, including XSS, cookie manipulation, and privilege escalation. It allows an attacker to create an admin account, manipulate cookies, and execute arbitrary JavaScript.

Classification

Working Poc 90%

Attack Type

Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: JBlog 1.0

No auth needed

Prerequisites: Access to the target JBlog installation

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/4408