By manipulating the data sent to the server a user can DELETE and RESET PASSWORD of any FTP account.
Also, it is possible to find valid logins by issuing queries to sequential IDs.
Initially reported by @eByte23 on #189
+1 for @Caffe1neAdd1ct
I suggest we close the issue? Because it's fixed...