Zi0N8

**Name of the Vulnerable Software and Affected Versions** LIZHIFAKA version 2.2.0 **Description** The issue allows an authenticated attacker to execute arbitrary commands via the set password function in the "admin/index/email" location. **Recommendations** For LIZHIFAKA version 2.2.0, consider disabling the set password function in the admin/index/email location until a patch is available. Restrict access to the admin/index/email location to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.