Description
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Salvatore Fresta · textwebappsphp
https://www.exploit-db.com/exploits/8128
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/8128
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501352/100/0/threaded
Scores
EPSS
0.0239
EPSS Percentile
85.1%
Details
CWE
CWE-287
Status
published
Products (1)
will_kraft/ez-blog
Published
Apr 23, 2010
Tracked Since
Feb 18, 2026