CVE-2008-7181

Name of the Vulnerable Software and Affected Versions Butterfly Organizer version 2.0.0

Description The issue allows remote attackers to perform unauthorized actions. This includes deleting arbitrary categories by modifying the tablehere parameter in the "category-delete.php" endpoint with is js confirmed set to 1, or deleting arbitrary accounts via the mytable parameter in the "delete.php" endpoint.

Recommendations For Butterfly Organizer version 2.0.0, as a temporary workaround, consider restricting access to the "category-delete.php" and "delete.php" endpoints until a patch is available. Avoid using the tablehere and mytable parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.