phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
Exploitability
AV:NAC:LAu:SImpact
C:NI:NA:P4/AV:N/AC:L/Au:S/C:N/I:N/A:P