Title: funadmin v7.1.0-rc4 CWE-640: Weak Password Recovery Mechanism for Forgotten Password

Description: In app/frontend/controller/Member.php, the repass function implements password reset verification by comparing the forget_code cookie with the vercode value provided in the POST request. Because both values are controlled by the client and are neither securely bound to the target user nor validated server-side, an attacker can bypass the verification step and modify the password of any user by altering the user ID parameter.

Source: https://github.com/l4m6da/CVE/issues/2
User: l4m6da (UID: 95320)
Submission: 02/07/2026 01:10 PM (14 days ago)
Moderation: 02/20/2026 07:57 PM (13 days later)
Status: Accepted
VulDB entry: 347206 [funadmin up to 7.1.0-rc4 Member.php repass forget_code/vercode password recovery]
Points: 20