useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
Software | From | Fixed in |
---|---|---|
alt-n / webadmin | 3.0.2 | 3.0.2.x |