2 matches found
CVE-2009-4089
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and 1 delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or 2 delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
CVE-2009-4089
Telepark.wiki versions 2.4.23 and earlier are affected. Affected component: ajax/deletePage.php (modified pageID) allows deletion of arbitrary pages; ajax/deleteComment.php (modified pageID) allows deletion of arbitrary comments. Root cause: insufficient access control in Telepark.wiki web endpoi...