CVE-2008-6524
CVE-2008-6524 affects openInvoice up to version 0.90 beta and earlier. It allows remote authenticated users to change arbitrary user passwords via a modified uid parameter in resetpass.php. The description notes this can be leveraged with a separate vulnerability in auth.php to modify passwords w...