vendor:
PBLang
by:
SecurityFocus
7.5
CVSS
HIGH
Design Error
863
CWE
Product Name: PBLang
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
PBLang Message Deletion Vulnerability
PBLang is reported to be prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls. An attacker can exploit this vulnerability by crafting a malicious URL in the following format: http://www.example.com/pblang/delpm.php?id=[PMID]&a=[Target user name]
Mitigation:
Ensure that access controls are properly implemented and enforced.