Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-05-10T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-05-04T00:00:00
Link: CVE-2004-1828
JSON object: View
NVD Information
Status : Modified
Published: 2004-12-31T05:00:00.000
Modified: 2017-07-11T01:31:23.077
Link: CVE-2004-1828
JSON object: View
Redhat Information
No data.
CWE