An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Self_service_password | Ltb-project | * | 1.5.4 (excluding) |