PT-2018-9399 · Instant Update · Instant Update Cms
Published: 2018-06-26 · Updated: 2018-08-30 · CVE-2018-1000501
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Instant Update CMS versions prior to 0.3.3
Description
The issue is a password reset vulnerability in the /iu-application/controllers/administration/auth.php file that can lead to account takeover. It can be exploited over the network.
Recommendations
Update to version 0.3.3, which resolves the issue. As a temporary workaround, consider restricting access to the vulnerable auth.php file until the update is applied.
Affected products
Instant Update Cms