CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

Date published : 2017-03-20

http://www.securityfocus.com/bid/96142

https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.0.2/CHANGELOG.TXT