2008-10-20 18:00:00
mitre
PUBLISHED
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.