login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pligg pligg cms 9.5 |