OpenRapid / rapidcms

A fast, simple, and easy-to-use CMS
MIT License
12 stars, 1 fork

Administrator password reset vulnerability exists in RapidCMS Dev.1.3.1 #5

Closed: TXPH closed this issue 1 year ago

TXPH commented 1 year ago

RapidCMS Dev.1.3.1 was discovered to contain an administrator password reset vulnerability in admin/run-movepass.php. For more details, see: RapidCMS-PasswordReset.pdf

codewyx commented 1 year ago

This issue has been solved in the latest release. (codewyx committed on Jul 11) https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe#diff-fc57d4c69cf5912c6edb5233c6df069a91106ebd481c115faf1ea124478b26d0