CVE-2007-5374

LightBlog - Authentication Bypass

Description

cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by BlackHawk · php · webapps · php
https://www.exploit-db.com/exploits/4505

Scores

EPSS 0.0459
EPSS Percentile 89.1%

Classification

CWE
CWE-287
Status draft

Affected Products (1)

lightblog/lightblog

Timeline

Published Oct 11, 2007
Tracked Since Feb 18, 2026