https://www.exploit-db.com/exploits/23843
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-625

Vcard2.9版本及其他可能的版本不需要运行uninstall.php的认证，远程攻击可以借助uninstall.php的直接请求来卸载Vcard以及删除数据库表格。

source: http://www.securityfocus.com/bid/9910/info

It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without having to first authenticate to the application.

This issue may be leveraged to manipulate the application database, potentially destroying data.

http://www.example.com/vcard/admin/uninstall.php
http://www.example.com/vcard/admin/uninstall.php?step=2

来源:BID
名称:9910
链接:http://www.securityfocus.com/bid/9910
来源:BUGTRAQ
名称:20040317Vcard2.8uninstallscriptproblem
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107957312531199&w;=2
来源:XF
名称:vcard-uninstall-delete-table(15522)
链接:http://xforce.iss.net/xforce/xfdb/15522