kiwitcms is vulnerable to Incorrect Authorization. The vulnerability exists in email
parameter of admin.py
because it does not properly validate email addresses in the admin page, which allows an attacker to change an email address without verifying ownership during account registration.