ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".
https://exchange.xforce.ibmcloud.com/vulnerabilities/9006
http://www.securityfocus.com/bid/4671