Description
cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BlackHawk · phpwebappsphp
https://www.exploit-db.com/exploits/4505
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37050
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25990
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4505
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27164
Scores
EPSS
0.0459
EPSS Percentile
89.3%
Details
CWE
CWE-287
Status
published
Products (1)
lightblog/lightblog
8.4.1.1
Published
Oct 11, 2007
Tracked Since
Feb 18, 2026