CVE-2009-1226 Information

Description

core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions which allows remote attackers to delete arbitrary files via the file parameter.

Reference

http://secunia.com/advisories/34555 http://www.securityfocus.com/bid/34317 https://www.exploit-db.com/exploits/8324