delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.Referenceshttp://bugs.elvinbts.org/show_bug.php?id=50http://secunia.com/advisories/35430http://osvdb.org/55101
