PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4614)