The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and previous versions does not check for administrative authentication and does not require knowledge of the original password, which allows remote malicious users to change the admin account password via modified npass and npass1 parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
videoscript videoscript |