Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.Referenceshttp://marc.info/?l=bugtraq&m=107957312531199&w=2http://www.securityfocus.com/bid/9910https://exchange.xforce.ibmcloud.com/vulnerabilities/15522
