CVE-2004-0621 Information

Description

admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level) which lists all users and their passwords.

Reference

http://marc.info/?l=bugtraq&m=108811585025216&w=2 http://www.securityfocus.com/bid/10605 https://exchange.xforce.ibmcloud.com/vulnerabilities/16507