PBLang Bulletin Board System 4.x DelPM.PHP Arbitrary Personal Message Deletion Vulnerability

2005-03-01T00:00:00
ID EDB-ID:25179
Type exploitdb
Reporter Raven
Modified 2005-03-01T00:00:00

Description

PBLang Bulletin Board System 4.x DelPM.PHP Arbitrary Personal Message Deletion Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/12694/info

PBLang is reported prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls. 

http://www.example.com/pblang/delpm.php?id=[PMID]&a=[Target user name]