UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ucms project ucms 1.4.7 |