Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2524

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2524
Last Modified 01 Apr 2009 01:32:25
Published 03 Jun 2008 11:32:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2524

Summary

BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.

Vulnerable Systems

Application

  • Blogphp 2.0


References

XF - blogphp-blogphpusername-security-bypass(42372)

BID - 29133

MISC - http://www.davidsopas.com/soapbox/blogphp.txt

SECUNIA - 30165


Last Updated: 27 May 2016 10:47:54