CVE-2019-12742

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of an Insecure Direct Object Reference in bl-kernel/admin/controllers/user-password.php (a modified username POST parameter).

Source: CVE-2019-12742
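
The class of bug described above, shown as an added example that is not Bludit's code and is not taken from the advisory: a password-change handler that takes the target account from the request body, next to one that authorizes the change against the session identity. The function names, the `new_password` field, the user store and the rule that an admin may change other accounts are all assumptions made for illustration.

```php
<?php
// Added illustration, NOT Bludit's code. All names are hypothetical.
// Constructed in-memory user store: username => role and password hash.
$users = [
    'admin' => ['role' => 'admin',  'hash' => password_hash('old-admin-pw', PASSWORD_DEFAULT)],
    'alice' => ['role' => 'author', 'hash' => password_hash('old-alice-pw', PASSWORD_DEFAULT)],
];

// Vulnerable pattern: the account to modify is whatever the request names.
// The session is never consulted, so any logged-in user can pick the target.
function changePasswordVulnerable(array &$users, array $session, array $post): bool
{
    $target = $post['username'] ?? '';
    $new    = $post['new_password'] ?? '';
    if ($new === '' || !isset($users[$target])) {
        return false;
    }
    $users[$target]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// Hardened pattern: the session identity decides which account may be touched.
function changePasswordHardened(array &$users, array $session, array $post): bool
{
    $caller = $session['username'] ?? '';
    $target = $post['username'] ?? $caller;
    $new    = $post['new_password'] ?? '';
    if ($new === '' || !isset($users[$caller], $users[$target])) {
        return false;
    }
    // Object-level authorization: own account only, unless the caller is an admin (assumed policy).
    if ($target !== $caller && $users[$caller]['role'] !== 'admin') {
        return false;
    }
    $users[$target]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// Constructed request: alice is the session user, but the body names admin.
$session = ['username' => 'alice'];
$post    = ['username' => 'admin', 'new_password' => 'chosen-by-alice'];

$store = $users; // work on a copy so both runs start from the same state
echo 'vulnerable accepted: ', var_export(changePasswordVulnerable($store, $session, $post), true), "\n";
echo 'admin hash replaced: ', var_export(password_verify('chosen-by-alice', $store['admin']['hash']), true), "\n";

$store = $users;
echo 'hardened accepted:   ', var_export(changePasswordHardened($store, $session, $post), true), "\n";
echo 'admin hash intact:   ', var_export(password_verify('old-admin-pw', $store['admin']['hash']), true), "\n";
```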
