Description
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
Remediation
References
Related Vulnerabilities
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4724)
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3655)
WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.8)
WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)