CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote malicious users to modify usernames and passwords via a direct request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cuteflow cuteflow 2.11.0_c |
||
cuteflow cuteflow 2.10.3 |