2015-01-03 11:00:00
mitre
PUBLISHED
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrators password by specifying the administrators e-mail address in the email parameter.