| Título | crmeb CRMEB-KY v5.6.1 Low permission users can reset administrator password |
|---|
| Descrição | As you can see from the code, the save method receives a $id and a $data array containing the new data. It first gets administrator information from the database based on $id, and then, if the pwd field is included in $data, it updates the administrator's password. This code itself does not check whether the current operator has permission to modify the target user ($id) |
|---|
| Fonte | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb013.md |
|---|
| Utilizador | Yu Bao (UID 88956) |
|---|
| Submissão | 30/08/2025 06h12 (há 8 meses) |
|---|
| Moderação | 13/09/2025 11h46 (14 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 323824 [CRMEB até 5.6.1 Administrator Password SystemAdminServices.php save ID Elevação de Privilégios] |
|---|
| Pontos | 19 |
|---|