CVE-2007-2081 – MyBlog 0.9.8 - 'Settings.php' Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-2081
MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. MyBlog 0.9.8 y anteriores permite a atacantes remotos evitar los requerimientos de autenticación mediante el parámetro de administración cookie a ciertos ficheros de administración, como ha sido demostrado por admin/settings.php. • https://www.exploit-db.com/exploits/29864 http://osvdb.org/41593 http://securityreason.com/securityalert/2581 http://www.securityfocus.com/archive/1/465873/100/0/threaded http://www.securityfocus.com/bid/23521 https://exchange.xforce.ibmcloud.com/vulnerabilities/34025 •
CVE-2007-2082
https://notcve.org/view.php?id=CVE-2007-2082
Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. Vulnerabilidad de inyección directa de código estático en admin/settings.php de MyBlog 0.9.8 y anteriores permite a administradores remotos autenticados inyectar código PHP mediante el parámetro content, el cual puede ser ejecutado accediendo al index.php. NOTA: una vulnerabilidad separada podría hacer que este asunto fuese explotable por atacantes remotos no autenticados. • http://osvdb.org/35392 http://securityreason.com/securityalert/2581 http://www.securityfocus.com/archive/1/465873/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33707 •