Details
Bug
Resolution: Fixed
Medium
None
5
Description
Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker-controlled link, or views an image at an attacker-controlled URL.
/pages/doremoveblogpost.action?pageId=<page to delete>
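For triage, the following added example (not part of the original issue or the product's code) scans web access logs for GET requests to this action that arrived with no Referer or with a Referer from another site, which is how a request triggered by an external link or image would typically appear. The Combined Log Format, the host name `wiki.example.internal`, and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

WIKI_HOST = "wiki.example.internal"  # assumption: hypothetical wiki host name
ACTION_PATH = "/pages/doremoveblogpost.action"  # endpoint named in this issue

# Assumed log format (Combined Log Format):
# ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_deletes(lines):
    """Return (user, pageId, referer) for GET requests to the delete action
    whose Referer is absent or names a host other than the wiki."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith(ACTION_PATH):  # tolerate a context-path prefix
            continue
        referer = m["referer"]
        ref_host = None if referer in ("", "-") else urlsplit(referer).hostname
        if ref_host != WIKI_HOST:
            page_id = parse_qs(url.query).get("pageId", [None])[0]
            findings.append((m["user"], page_id, referer))
    return findings

# Constructed sample lines (not from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Mar/2024:10:01:02 +0000] "GET /pages/doremoveblogpost.action?pageId=1001 HTTP/1.1" 302 0 "https://wiki.example.internal/display/TEAM/Notes" "Mozilla/5.0"',
    '10.0.0.5 - alice [12/Mar/2024:10:07:40 +0000] "GET /pages/doremoveblogpost.action?pageId=1002 HTTP/1.1" 302 0 "https://forum.example.net/thread/42" "Mozilla/5.0"',
    '10.0.0.9 - bob [12/Mar/2024:11:15:03 +0000] "GET /pages/doremoveblogpost.action?pageId=1003 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.7 - carol [12/Mar/2024:11:20:00 +0000] "GET /display/TEAM/Notes HTTP/1.1" 200 5120 "https://forum.example.net/thread/42" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for user, page_id, referer in suspicious_deletes(SAMPLE_LOG):
        print(f"user={user} pageId={page_id} referer={referer}")
```

A missing Referer can also result from browser privacy settings, so treat hits as leads to correlate with unexpected page deletions rather than as confirmed incidents.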