When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication.
https://github.com/zmister2016/MrDoc/blob/master/app_admin/views.py#L985
# Ordinary user changes their own password.
# NOTE(review): this is an excerpt as quoted in the report; indentation was lost and the
# view is cut off after user.save(), so the except branch and the response are not shown.
@login_required()
@logger.catch()
def change_pwd(request):
# Only the POST branch is visible in this excerpt.
if request.method == 'POST':
try:
# Without verifying the original password
# The new password and its confirmation are the only fields read from the request
# in the visible lines; no current-password field is read.
password = request.POST.get('password',None)
password2 = request.POST.get('password2',None)
# NOTE(review): this writes both submitted passwords in plaintext to stdout, where they
# can end up in server or container logs; the line should be removed.
print(password, password2)
# Proceed only when a password was supplied and it matches its confirmation.
if password and password== password2:
# The only strength rule visible here is a minimum length of 6 characters.
if len(password) >= 6:
# Load the record of the currently logged-in user by id.
user = User.objects.get(id=request.user.id)
# NOTE(review): the password is replaced with no check of the current one, so a valid
# session alone is enough to change it. Presumably User is Django's auth model; if so,
# requiring user.check_password(<current password>) to succeed before this call would
# close the gap. Confirm against the full view.
user.set_password(password)
user.save()
This vulnerability is capable of