2009-02-02 19:00:00
mitre
PUBLISHED
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.