Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote malicious users to uninstall Vcard and delete database tables via a direct request to uninstall.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
belchior foundry vcard 2.8 |
||
belchior foundry vcard 2.9 |