Unrated severityNVD Advisory· Published Jun 25, 2010· Updated Apr 29, 2026

CVE-2009-4907

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.

Affected products

Dootzky/Oblog
cpe:2.3:a:dootzky:oblog:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txtnvdExploit
secunia.com/advisories/37661nvdVendor Advisory
osvdb.org/60907nvd
exchange.xforce.ibmcloud.com/vulnerabilities/54714nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000