CRMEB Administrator Password Reset Vulnerability in SystemAdminServices.php

Vulnerability

A vulnerability exists in CRMEB versions through 5.6.1, specifically within the 'Save' function of 'app/services/system/admin/SystemAdminServices.php'. The issue lies in the Administrator Password Handler component: because the save path performs no authorization check on who is changing the password, a low-privilege user can reset any administrator's password. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows low-privilege users to reset administrator passwords, potentially leading to unauthorized administrative access.

Reproduction

To reproduce this vulnerability, send a PUT request to '/adminapi/setting/admin/{id}' with a payload in which the 'pwd' field is set to the desired new password. The 'id' parameter can be any valid administrator ID, including one belonging to an account with higher privileges than the caller. The request is processed by 'SystemAdminController', which lacks a proper authorization check, so the password is changed without the caller holding the necessary permissions.
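For a defender, the useful follow-up is to find out whether this request pattern has already been used. The script below is an added example, not code from CRMEB or from this advisory, and it makes two assumptions: that the web tier writes an application-style access log in which each line carries the authenticated admin ID and role (a constructed format, shown inline), and that a role named 'super' is the only one entitled to change another administrator's password. It scans such log lines for successful PUT requests to '/adminapi/setting/admin/{id}' in which the acting account is neither the target account nor a super administrator, which is exactly the situation the vulnerability permits.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not taken from any real CRMEB deployment).
# Assumed format: <client ip> <admin id or "-"> <role or "-"> "<method> <path> <proto>" <status>
SAMPLE_LOG = """\
10.0.0.5 7 operator "PUT /adminapi/setting/admin/1 HTTP/1.1" 200
10.0.0.5 7 operator "GET /adminapi/setting/admin/7 HTTP/1.1" 200
10.0.0.9 1 super "PUT /adminapi/setting/admin/3 HTTP/1.1" 200
10.0.0.7 7 operator "PUT /adminapi/setting/admin/7 HTTP/1.1" 200
10.0.0.8 - - "PUT /adminapi/setting/admin/1 HTTP/1.1" 401
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "(\S+) (\S+) [^"]*" (\d{3})$')
# Path from the advisory: /adminapi/setting/admin/{id}
ADMIN_SAVE_RE = re.compile(r"^/adminapi/setting/admin/(\d+)$")

# Role assumed (not stated on the page) to be allowed to reset other admins' passwords.
PRIVILEGED_ROLES = {"super"}


@dataclass
class Finding:
    client_ip: str
    actor_id: str
    actor_role: str
    target_id: str
    status: int


def find_suspicious_resets(log_text: str) -> list[Finding]:
    """Return one Finding per successful cross-account admin save by a non-privileged actor."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, actor_id, role, method, path, status = m.groups()
        status = int(status)
        target = ADMIN_SAVE_RE.match(path)
        if method != "PUT" or target is None:
            continue  # only the vulnerable endpoint and verb are of interest
        if not 200 <= status < 300:
            continue  # rejected requests did not change a password
        target_id = target.group(1)
        if role in PRIVILEGED_ROLES or actor_id == target_id:
            continue  # legitimate: privileged actor, or an admin editing themselves
        findings.append(Finding(ip, actor_id, role, target_id, status))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_resets(SAMPLE_LOG):
        print(f"{f.client_ip}: admin {f.actor_id} ({f.actor_role}) changed admin {f.target_id}")
```

Of the five constructed lines only the first is reported: a GET is not a password change, the super administrator is entitled to edit others, a self-edit is expected, and the unauthenticated attempt was refused with 401. After patching, the same scanner doubles as a regression check, because a fixed build should no longer produce any 2xx response for that actor/target combination.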

Added: Sep 14, 2025, 4:17 AM
Updated: Sep 14, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm

  Metric          Score
  spread          1.0
  impact          5.0
  exploitability  6.8
  remediation     7.7
  relevance       0.5
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.