header-logo
Suggest Exploit
vendor:
Messagerie
by:
SecurityFocus
4.3
CVSS
MEDIUM
Arbitrary User Account Deletion
264
CWE
Product Name: Messagerie
Affected Version From: Messagerie 1.0
Affected Version To: Messagerie 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Messagerie Arbitrary User Account Deletion Vulnerability

Messagerie is a web message board application maintained by La Basse. An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts. Reportedly, submitting a specially crafted URL will successfully remove user accounts. It should be noted that known usernames of the system is required.

Mitigation:

Ensure that the application is configured to only allow authenticated users to delete user accounts.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4635/info

Messagerie is a web message board application maintained by La Basse.

An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts.

Reportedly, submitting a specially crafted URL will successfully remove user accounts.

It should be noted that known usernames of the system is required.


http://www.host.com/supp_membre.php?choix_membre_supp=polom

Navigation

Suggest Exploit

Services By CQR