VYPR
Unrated severityNVD Advisory· Published Jun 3, 2008· Updated Jun 16, 2026

CVE-2008-2524

CVE-2008-2524

Description

BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.

Affected products

2
  • Blogphp/Blogphp2 versions
    cpe:2.3:a:blogphp:blogphp:2.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:blogphp:blogphp:2.0:*:*:*:*:*:*:*
    • (no CPE)range: 2.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.