account.asp in DUware DUclassmate 1.0 up to and including 1.1 allows remote malicious users to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
duware duclassmate 1.1 |
||
duware duclassmate 1.0 |