CVE-2009-4907

Dootzky Oblog - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/10379

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/60907

[Exploit] http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt

[Vendor Advisory] http://secunia.com/advisories/37661

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54714

Scores

EPSS 0.0021

EPSS Percentile 43.3%

Details

CWE

CWE-352

Status published

Products (1)

dootzky/oblog

Published Jun 25, 2010

Tracked Since Feb 18, 2026