PT-2019-11286 · Dedecms · Dedecms

Published: 2019-03-24 · Updated: 2020-08-24 · CVE-2019-10014

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7SP2
Description: The issue allows remote authenticated users to reset the passwords of arbitrary users. This is possible because the key parameter in the member/resetpassword.php script is not properly validated, so the reset can be redirected to another account by modifying the id parameter.
Recommendations: For DedeCMS version 5.7SP2, as a temporary workaround, consider restricting access to the member/resetpassword.php script until a proper fix is available, or ensure that the key parameter is properly validated so that unauthorized password resets are rejected.
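The check the recommendation asks for, as an added illustrative example: this is not DedeCMS code, and the pending-reset table layout (member id, key hash, expiry) and the sample rows are constructed for the example. The point is that the key is verified only against the record issued to the supplied id, so a key that is valid for one account is useless for any other.

```php
<?php
// Added example, not DedeCMS code. Assumes a pending-reset store keyed by
// member id with a hashed reset key and an expiry timestamp (constructed).
declare(strict_types=1);

// Constructed stand-in for the pending-reset table.
$pending_resets = [
    7  => ['key_hash' => hash('sha256', 'k7-secret'),  'expires' => time() + 600],
    12 => ['key_hash' => hash('sha256', 'k12-secret'), 'expires' => time() - 60],
];

/**
 * Return true only when $key is the unexpired reset key issued to member $id.
 * Because the lookup is by the supplied id and the key is compared against
 * that row only, changing id without holding that account's key fails.
 */
function verify_reset_key(array $pending, $id, $key): bool
{
    // Accept only a plain positive integer id; anything else is rejected
    // before it reaches a query or an array lookup.
    if (!is_string($id) && !is_int($id)) {
        return false;
    }
    if (!preg_match('/^[1-9][0-9]{0,9}$/', (string)$id)) {
        return false;
    }
    // Reject malformed keys before any comparison takes place.
    if (!is_string($key) || !preg_match('/^[A-Za-z0-9\-]{8,64}$/', $key)) {
        return false;
    }

    $row = $pending[(int)$id] ?? null;
    if ($row === null) {            // no reset was requested for this id
        return false;
    }
    if ($row['expires'] < time()) { // the issued key has expired
        return false;
    }

    // Constant-time, strict comparison of hashes: no loose == juggling.
    return hash_equals($row['key_hash'], hash('sha256', $key));
}

// Constructed cases: the right key for member 7, member 7's key replayed
// against member 12, an expired key, and a malformed key.
foreach ([['7', 'k7-secret'], ['12', 'k7-secret'], ['12', 'k12-secret'], ['7', '0']] as [$id, $key]) {
    echo "id=$id key=$key => ", verify_reset_key($pending_resets, $id, $key) ? 'accept' : 'reject', PHP_EOL;
}
```

A real deployment would also invalidate the record after one successful use and rate-limit the endpoint, neither of which this example shows.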

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2019-10014

Affected Products: Dedecms