admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CPE | Name | Operator | Version |
---|---|---|---|
php_recommend | le | 1.3 |