A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.
[
{
"product": "PyForum",
"vendor": "PyForum",
"versions": [
{
"status": "affected",
"version": "v1.0.3"
}
]
}
]