MKCMS 5.0 allows remote malicious users to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mkcms project mkcms 5.0 |