Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Vichan Password Change Vulnerability Allows Remote Password Changes
CVE-2026-2543
Summary
A security issue in Vichan versions up to 5.1.5 allows an attacker to change the password of a user without verifying the old password. This can be done from a remote location. We recommend updating to a fixed version of Vichan as soon as possible to prevent unauthorized access.
Original title
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation o...
Original description
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
3.3
nvd CVSS3.1
2.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-620
CWE-640
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026