membership.asp in Mini-Nuke CMS System 1.8.2 and previous versions does not verify the old password when changing a password, which allows remote malicious users to change the passwords of other members via a lostpassnew action with a modified x parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mini-nuke cms system |