shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
Debian Linux Security Advisory 2179-1 - Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services.