Description
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by joseph.giron13 · textwebappsphp
https://www.exploit-db.com/exploits/30320
exploitdb
WRITEUP
VERIFIED
by joseph.giron13 · textwebappsphp
https://www.exploit-db.com/exploits/30321
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/42487
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2934
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35494
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/42486
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24966
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474127/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/42485
Scores
EPSS
0.2160
EPSS Percentile
95.8%
Details
Status
published
Products (1)
geoblog/geoblog
1
Published
Jul 27, 2007
Tracked Since
Feb 18, 2026