Description
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.91)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10097)
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2018-20506)
WordPress Plugin Auto Post to Social Media-WordPress to Buffer Cross-Site Scripting (3.7.4)