ikiwiki -- authentication bypass vulnerability
The ikiwiki maintainers discovered further flaws similar to
CVE-2016-9646 in the passwordauth plugin's use of
CGI::FormBuilder, with a more serious impact:
An attacker who can log in to a site with a password can log in as
a different and potentially more privileged user.
An attacker who can create a new account can set arbitrary fields
in the user database for that account
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright