Description
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.
Affected products
- belchior_foundry / vcard2.8 – 2.8
- belchior_foundry / vcard2.9 – 2.9