In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dedecms dedecms 5.7 |