CVE-2007-5572

Sphpblog - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php.

References (5)

[Various Sources] http://hackish.altervista.org/forum/viewtopic.php?t=221

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37238

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37239

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/482422/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/27264

Scores

EPSS 0.0018

EPSS Percentile 39.2%

Classification

CWE

CWE-352

Status draft

Affected Products (1)

sphpblog/sphpblog

Timeline

Published Oct 18, 2007

Tracked Since Feb 18, 2026