PAD CMS Password Recovery Vulnerability Allowing Unauthorized Password Changes
Vulnerability
A vulnerability in PAD CMS has been identified, allowing unauthorized users to change passwords for any user who has not previously used the password reset function. This issue arises from improper initialization of the parameter used for password recovery. The vulnerability affects all three templates: www, bip, and www+bip.
Impact
Exploitation of this vulnerability allows for unauthorized password changes, potentially leading to unauthorized access to user accounts.
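The advisory gives no code, so the following is an added example, not PAD CMS source: a recovery check that refuses accounts with no pending reset, shown beside the weak form it replaces. It assumes the flaw class is a recovery field left at a fixed default (an empty string here); the names User, reset_secret, naive_check, issue_reset_token, hardened_check and the one-hour lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 3600  # assumed lifetime, not a PAD CMS setting


class User:
    def __init__(self, name):
        self.name = name
        # Assumed flaw class: the recovery field starts at a fixed default
        # for every account that has never requested a reset.
        self.reset_secret = ""
        self.reset_expires = 0.0


def naive_check(user, submitted):
    # Weak form: a plain comparison also succeeds against the default
    # value, so "no reset pending" is not distinguished from a valid token.
    return submitted == user.reset_secret


def issue_reset_token(user, now=None):
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token; the token itself goes out by e-mail.
    user.reset_secret = hashlib.sha256(token.encode()).hexdigest()
    user.reset_expires = now + RESET_TTL_SECONDS
    return token


def hardened_check(user, submitted, now=None):
    now = time.time() if now is None else now
    # No pending reset, empty input, or expired token: always refuse.
    if not user.reset_secret or not submitted or now > user.reset_expires:
        return False
    digest = hashlib.sha256(submitted.encode()).hexdigest()
    ok = hmac.compare_digest(digest, user.reset_secret)
    if ok:
        # Single use: clear the state so the token cannot be replayed.
        user.reset_secret, user.reset_expires = "", 0.0
    return ok
```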
Added: Sep 30, 2025, 11:58 AM
Updated: Sep 30, 2025, 11:58 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
