CVE-2009-2125 Information

Description

delete_bug.php in Elvin before 1.2.1 does not require administrative privileges which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.

Reference

http://bugs.elvinbts.org/show_bug.php?id=50 http://osvdb.org/55101 http://secunia.com/advisories/35430