Description
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.6)
WordPress Plugin Advertisement Management Multiple Vulnerabilities (1.0)
WordPress 7PK - Security Features Vulnerability (CVE-2016-10148)
WebLogic CVE-2019-2452 Vulnerability (CVE-2019-2452)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)