Closed
Description
ThinkCMF v5.17 has an unauthorized access vulnerability. An attacker who holds the back-end user management group permission can change the password of the administrator account with id 1. The precondition is that back-end user management group permission; by default, the password of the administrator account with id 1 is not supposed to be modifiable.
Vulnerable file: /public/plugins/portal/controller/AdminRbacController.php
Access /admin/user/edit/id/1.html in the browser and modify the password of the administrator account with id 1.
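As an added illustration (not code from the ThinkCMF project), this is the kind of ownership check a user-edit action needs so that holding the user management permission does not extend to the id 1 administrator. The function names, the `user_manage` permission string and the in-memory store are hypothetical.

```php
<?php
// Added example, not ThinkCMF code. Names and permission strings are hypothetical.

const SUPER_ADMIN_ID = 1; // the protected administrator account (id 1)

/**
 * Decide whether $actor may change the password of account $targetId.
 * $actor is ['id' => int, 'perms' => ['user_manage', ...]].
 */
function canEditUserPassword(array $actor, int $targetId): bool
{
    // Everyone may change their own password.
    if ($actor['id'] === $targetId) {
        return true;
    }
    // The id 1 account is never editable by anyone else, whatever
    // back-end permissions the actor holds. This is the check the
    // vulnerable edit action was missing.
    if ($targetId === SUPER_ADMIN_ID) {
        return false;
    }
    // Any other account requires the user-management permission.
    return in_array('user_manage', $actor['perms'], true);
}

/**
 * Apply the check before persisting a new password hash.
 * Returns 'forbidden' or 'ok'; $store is a stand-in for the users table.
 */
function editUserPassword(array $actor, int $targetId, string $newPassword, array &$store): string
{
    if (!canEditUserPassword($actor, $targetId)) {
        // Refuse and leave an audit trail; the controller should answer 403 here.
        error_log(sprintf('denied: user %d tried to change password of user %d',
            $actor['id'], $targetId));
        return 'forbidden';
    }
    $store[$targetId] = password_hash($newPassword, PASSWORD_DEFAULT);
    return 'ok';
}

// Constructed sample data: an operator (id 7) who holds user management.
$users    = [1 => 'admin-hash', 7 => 'operator-hash', 9 => 'editor-hash'];
$operator = ['id' => 7, 'perms' => ['user_manage']];

echo editUserPassword($operator, 1, 'new-pass', $users), PHP_EOL; // target is id 1
echo editUserPassword($operator, 9, 'new-pass', $users), PHP_EOL; // ordinary account
echo editUserPassword($operator, 7, 'new-pass', $users), PHP_EOL; // own account
```

The guard is deliberately placed in the edit action rather than in the menu or form, since the report shows the request is reachable directly by URL; checking the target id server-side is what prevents a permission granted for ordinary accounts from being used against the id 1 administrator.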

