PBLang Bulletin Board System 4.x - 'DelPM.php' Arbitrary Personal Message Deletion

Author: Raven
type: webapps
platform: php
port: 
date_added: 2005-03-01 
date_updated: 2013-05-03 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/12694/info

PBLang is reported prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls.

http://www.example.com/pblang/delpm.php?id=[PMID]&a=[Target user name]