When register_global = On is set On the server because a variable is not initialized, members can modify their own member information at will.
The effect is limited because register_global = On is required .. Vulnerabilities involve the fact that a Member can modify his/her balance, which may cause serious consequences on the website. Therefore, the vulnerability level is set to high.
Description: The account_manage_password function for modifying the user password is not initialized for $ updateinfo. As a result, it can be submitted.
In an array such as updateinfo [amount], you can modify your balance, points, member groups, VIP, and other information stored in the member table at will.
File: \ phpcms \ modules \ member \ index. php
About 435 rows: www.2cto.com
$ Newpassword = password ($ _ POST ['info'] ['newpassword'], $ this-> memberinfo ['encryption']);
$ Updateinfo ['Password'] = $ newpassword;
$ This-> db-> update ($ updateinfo, array ('userid' => $ this-> memberinfo ['userid']);
Vulnerability proof: file: \ phpcms \ modules \ member \ index. php
About 435 rows:
$ Newpassword = password ($ _ POST ['info'] ['newpassword'], $ this-> memberinfo ['encryption']);
$ Updateinfo ['Password'] = $ newpassword;
$ This-> db-> update ($ updateinfo, array ('userid' => $ this-> memberinfo ['userid']);
Solution:
$ Updateinfo = array ();