The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
CPE | Name | Operator | Version |
---|---|---|---|
the_simple_forum | eq | 3.1.100 |