PBLang Bulletin Board System 4.x - 'DelPM.php' Arbitrary Personal Message Deletion

Author: Raven
type: webapps
platform: php
port: 
date_added: 2005-03-01  
date_updated: 2013-05-03  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25179.txt  

source: https://www.securityfocus.com/bid/12694/info

PBLang is reported prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls.

http://www.example.com/pblang/delpm.php?id=[PMID]&a=[Target user name]