dialog.php in CONTENTCustomizer 3.1mp and previous versions allows remote malicious users to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
contentcustomizer contentcustomizer 3.1mp |