CVE-2008-3318

Maian Weblog < 3.1 - Unauthenticated Authentication Bypass via weblog_cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3318. PoCs published by S.W.A.T..

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Maian Weblog <= v4.0 by setting an insecure cookie via JavaScript. The admin panel only checks for the presence of the cookie, not its content, allowing an attacker to gain admin access.

Description

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by S.W.A.T. · textwebappsphp
https://www.exploit-db.com/exploits/6064

This exploit demonstrates an authentication bypass vulnerability in Maian Weblog <= v4.0 by setting an insecure cookie via JavaScript. The admin panel only checks for the presence of the cookie, not its content, allowing an attacker to gain admin access.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Maian Weblog <= v4.0
No auth needed
Prerequisites: Access to the target's web interface to execute JavaScript
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30209
Various Sources x_refsource_confirm
http://www.maianscriptworld.co.uk/news.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43751
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30943
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6064

Scores

EPSS 0.0810
EPSS Percentile 94.1%

Details

CWE
CWE-287
Status published
Products (1)
maian/weblog < 3.1
Published Jul 25, 2008
Tracked Since Feb 18, 2026