CVE-2008-2524

Description

BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.

Affected products

• blogphp / blogphp2.0 – 2.0

References

• MISChttp://www.securityfocus.com/bid/29133
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/42372
• VENDOR_ADVISORYhttp://secunia.com/advisories/30165
• MISChttp://www.davidsopas.com/soapbox/blogphp.txt