CVE-2012-5299

Name of the Vulnerable Software and Affected Versions Mavili Guestbook version released in November 2007

Description The issue allows remote attackers to edit, delete, and approve arbitrary messages. This can be achieved by making a direct request to API endpoints such as "edit.asp", "delete.asp", or "approve.asp".

Recommendations For the version released in November 2007, consider restricting access to the "edit.asp", "delete.asp", and "approve.asp" API endpoints to prevent unauthorized message editing, deletion, and approval. At the moment, there is no information about a newer version that contains a fix for this issue.