The "lost password" functionality in b2evolution prior to 6.7.9 allows remote malicious users to reset arbitrary user passwords via a crafted request.