Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote malicious users to change a password after hijacking a session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
textpattern textpattern 4.0.5 |