CVE-2009-0383

Max.Blog 1.0.6 - Info Disclosure

Title source: llm

Description

delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · htmlwebappsphp

https://www.exploit-db.com/exploits/7835

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48125

[Patch, Vendor Advisory, URL Repurposed] http://www.mzbservices.com/show_post.php?id=72

[Third Party Advisory, VDB Entry] http://osvdb.org/51482

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7835

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33368

[Patch, Vendor Advisory] http://secunia.com/advisories/33590

Scores

EPSS 0.1158

EPSS Percentile 93.7%

Details

CWE

CWE-264

Status published

Products (1)

mzbservices/max.blog 1.0.6

Published Feb 02, 2009

Tracked Since Feb 18, 2026