CVE-2008-0329 Information

Description

LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php (2) comment_accepter.php and (3) comment_refuser.php in Admin/ which allows remote attackers to accept comments delete comments and delete articles via the id parameter.

Reference

http://secunia.com/advisories/28432 http://www.securityfocus.com/bid/27290 https://exchange.xforce.ibmcloud.com/vulnerabilities/39669 https://www.exploit-db.com/exploits/4912