Security Advisory

CVE-2019-10014

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-24 21:02:49

Last updated 2024-08-04 22:10:08

Assigner mitre

State PUBLISHED

Description

In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

← Browse all CVEs View on cve.org ↗