Description
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.
Remediation
References
Related Vulnerabilities
WordPress Plugin Store Locator Plus for WordPress Multiple Vulnerabilities (3.0.1)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0216)
WordPress Plugin Affiliate Power-Sales Tracking for Affiliate Marketers Cross-Site Scripting (2.2.0)
WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (4.9.1)