CGI Script Center Account Manager LITE / PRO Administrative Password Alteration Vulnerability

Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:


This would grant the user full administrative privileges which includes the capability of granting and revoking user access to secured areas of the target website.


Privacy Statement
Copyright 2010, SecurityFocus