modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote malicious users to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vtiger vtiger crm 6.0.0 |