admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.

admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are ob