CVE-2004-2198 - Hollowhearted Weathers
Description
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the \My Account\ page.
Reference
http://www.securityfocus.com/bid/11363 http://www.osvdb.org/10663 http://www.securitytracker.com/alerts/2004/Oct/1011597.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17682