CVE-2007-4047 - Vulnerability Details - OpenCVE

geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.21435.

Key SSVC decision points have not yet been added.

Vendors	Products
Geoblog Subscribe	Geoblog Subscribe

Configuration 1 [-]

cpe:2.3:a:geoblog:geoblog:1:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/42485
http://osvdb.org/42486
http://osvdb.org/42487
http://securityreason.com/securityalert/2934
http://www.securityfocus.com/archive/1/474127/100/0/threaded
http://www.securityfocus.com/bid/24966
https://exchange.xforce.ibmcloud.com/vulnerabilities/35494

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-27T22:00:00

Updated: 2024-08-07T14:37:06.081Z

Reserved: 2007-07-27T00:00:00

Link: CVE-2007-4047

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-07-27T22:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4047

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "42487", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42487"}, {"name": "2934", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2934"}, {"name": "geoblog-listcomments-security-bypass(35494)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"}, {"name": "42486", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42486"}, {"name": "24966", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24966"}, {"name": "20070719 Geoblog v1 administrator bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/474127/100/0/threaded"}, {"name": "42485", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42485"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4047", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42487", "refsource": "OSVDB", "url": "http://osvdb.org/42487"}, {"name": "2934", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2934"}, {"name": "geoblog-listcomments-security-bypass(35494)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"}, {"name": "42486", "refsource": "OSVDB", "url": "http://osvdb.org/42486"}, {"name": "24966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24966"}, {"name": "20070719 Geoblog v1 administrator bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/474127/100/0/threaded"}, {"name": "42485", "refsource": "OSVDB", "url": "http://osvdb.org/42485"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:37:06.081Z"}, "title": "CVE Program Container", "references": [{"name": "42487", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42487"}, {"name": "2934", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2934"}, {"name": "geoblog-listcomments-security-bypass(35494)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"}, {"name": "42486", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42486"}, {"name": "24966", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24966"}, {"name": "20070719 Geoblog v1 administrator bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/474127/100/0/threaded"}, {"name": "42485", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42485"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4047", "datePublished": "2007-07-27T22:00:00", "dateReserved": "2007-07-27T00:00:00", "dateUpdated": "2024-08-07T14:37:06.081Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:geoblog:geoblog:1:*:*:*:*:*:*:*", "matchCriteriaId": "FDBA770D-69D8-45F4-AEFC-CAC0E4C32C82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter."}, {"lang": "es", "value": "geoBlog (tambi\u00e9n conocido como BitDamaged) 1 no requiere autenticaci\u00f3n para (1) deletecomment.php, (2) deleteblog.php, y (3) listcomment.php en admin/, lo cual permite a atacantes remotos borrar comentarios de su elecci\u00f3n, borrar blogs de su elecci\u00f3n y tener otro impacto no especificado mediante una petici\u00f3n con un par\u00e1metro id v\u00e1lido."}], "id": "CVE-2007-4047", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-27T22:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/42485"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42486"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42487"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2934"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/474127/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24966"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/474127/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35494"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}