HDWiki 5.1 arbitrary User Password Change vulnerability and fix-vulnerability warning-the black bar safety net
HDWiki reset the password there is a logical vulnerability, the attacker can modify any user password. Detailed description: control/user.php function dogetpass ...... elseifisset$this-post'verifystring' $uid=$this-post'uid'; $encryptstring=$this-post'verifystring';...