Messagerie 1.0 - Arbitrary User Removal Denial of Service

EDB-ID:

21428

CVE:



Author:

frog

Type:

dos


Platform:

PHP

Date:

2002-04-27


source: https://www.securityfocus.com/bid/4635/info

Messagerie is a web message board application maintained by La Basse.

An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts.

Reportedly, submitting a specially crafted URL will successfully remove user accounts.

It should be noted that known usernames of the system is required.


http://www.host.com/supp_membre.php?choix_membre_supp=polom