Thinkcmf · Thinkcmf · CVE-2021-40616
**Name of the Vulnerable Software and Affected Versions**
thinkcmf version 5.1.7
**Description**
The issue allows an attacker to modify the password of the administrator account with `id` 1 through the background user management group permissions. Exploitation requires the attacker to hold background user management group authority.
**Recommendations**
For thinkcmf version 5.1.7, restrict access to the background user management group permissions to minimize the risk of exploitation. As a temporary workaround, consider disabling the background user management group authority until a patch is available.