CVE-2026-2543

CVSS v2.0

3.3

Vector

AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions vichan-devel versions up to 5.1.5

Description A flaw exists in vichan-devel that allows for unverified password changes. This issue is located in the Password Change Handler component, specifically within the

inc/mod/pages.php

file. The

Password

argument can be manipulated to trigger the issue, enabling attackers to change passwords without proper verification. This attack can be carried out remotely. The vendor was notified but did not respond.

Recommendations Update vichan-devel to a version beyond 5.1.5.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640CWE-620

Related Identifiers

CVE-2026-2543

Affected Products

Vichan-Devel

CVE-2026-2543

Weakness Enumeration

Related Identifiers

Affected Products

References · 8