The new_password page in PBBoard 2.1.4 allows remote malicious users to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pbboard pbboard 2.1.4 |