Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.