CVE-2018-19437
CVE-2018-19437 affects UCMS 1.4.7. The vulnerability allows remote authenticated users to change the administrator password via cookie-based authentication: $COOKIE['admin '.cookiehash] can be set to arbitrary non-empty values. This is the root cause and leads to admin access compromise. CVSS det...