password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Snitz_forums_2000 | Snitz_communications | 3.4.03 (including) | 3.4.03 (including) |