Patched Version : https://sir.kr/g5_pds/6400
Patch History : https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2
Affected Version : Gnuboard 5.54, 5.55
Patched Version : Gnuboard 5.56
Analysis : https://blog.naver.com/ksw9722/223624555787
An attacker can change the password of all users without knowing the victim’s original password.
This vulnerability can be used to change the admin’s password too.
This vulnerability occurred because of a missing authentication check when changing the password (/bbs/password_reset_update.php).