delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.
Software | From | Fixed in |
---|---|---|
pblang / pblang | 4.0 | 4.0.x |
pblang / pblang | 4.56_4.5_rc2 | 4.56_4.5_rc2.x |
pblang / pblang | 4.6 | 4.6.x |
pblang / pblang | 4.63 | 4.63.x |