High
CVSS 8.8
Overview
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
UCMS 1.4.7 allows remote authenticated users to change the administrator passwor...
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
This vulnerability is rated 🟠 HIGH.
Recommended actions: