CVE-2009-4091 Information

Description

comments.php in Simplog 0.9.3.2 and possibly earlier does not properly restrict access which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.

Reference

http://secunia.com/advisories/21390 http://www.exploit-db.com/exploits/10180 http://www.securityfocus.com/bid/37063 https://exchange.xforce.ibmcloud.com/vulnerabilities/54355