RunCMS prior to 1.6.1 does not require entry of the old password during a password change, which allows context-dependent malicious users to change passwords upon obtaining temporary access to a session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runcms runcms |