An issue in Bludit 4.0.0-rc-2 allows authenticated malicious users to change the Administrator password and escalate privileges via a crafted request.
bludit bludit 4.0.0