CVE-2009-0383 Information

Description

delete.php in Max.Blog 1.0.6 does not properly restrict access which allows remote attackers to delete arbitrary blog posts via a direct request.

Reference

http://osvdb.org/51482 http://secunia.com/advisories/33590 http://www.mzbservices.com/show_post.php?id=72 http://www.securityfocus.com/bid/33368 https://exchange.xforce.ibmcloud.com/vulnerabilities/48125 https://www.exploit-db.com/exploits/7835