Magic News Plus Administrator Password Change Vulnerability

Magic News Plus Administrator Password Change Vulnerability

Magic News Plus is prone to a vulnerability regarding the administrator password. This issue is due to a failure in the application to properly verify user-supplied input.

An attacker can exploit this issue to change the administrator password and gain access to the affected application as the administrator. This may facilitate a compromise of the underlying system; other attacks are also possible.

This issue is reported to affect version 1.0.3; earlier versions may also be vulnerable.