Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another users password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.