CVE-2019-12742

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
References
Configurations

Configuration 1

cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*:*

Information

Published : 2019-06-05 04:29

Updated : 2020-08-24 05:37


NVD link : CVE-2019-12742

Mitre link : CVE-2019-12742

Products Affected
No products.
CWE