VYPR
Unrated severityNVD Advisory· Published Mar 24, 2019· Updated Aug 4, 2024

CVE-2019-10014

CVE-2019-10014

Description

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

Affected products

2
  • Dedecms/Dedecmsinferred2 versions
    = 5.7SP2+ 1 more
    • (no CPE)range: = 5.7SP2
    • (no CPE)range: = 5.7SP2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.