2 matches found
CVE-2020-37106 Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...
Design/Logic Flaw
adminlogin/password.php in the Twitter Clone TClone plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2...