telepark.wiki 2.4.23 and previous versions allows remote malicious users to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
telepark telepark.wiki 2.4.23 |