Cyber-Wo0dy / CVE-2023-46501

BoltWire v6.03 vulnerable to "Improper Access Control"

CVE-2023-46501 - BoltWire v6.03 - Improper Access Control

Description

In version 6.03 of BoltWire CMS, it is possible to exploit an “Improper Access Control” vulnerability through the index.php?p=member.admin&action=data parameter, allowing an attacker to view any member's password, including the admin's, thus allowing the theft of information, arbitrary changes to data or manipulation of the application for malicious purposes.

To Fix

Update to the latest version of BoltWire CMS.

Steps to Reproduce:

1) Create a new member.

2) Access the following URL: http://domain.com/folder/index.php?p=member.admin&action=data

Note: replace http://domain.com/folder/ with the address of the application to be tested.

3) As a result, you will be able to view the admin password.

4) To view other users' passwords, simply change the “admin” parameter in the URL provided above to another user's name, for example member.user.
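For defenders who cannot update immediately, requests to the vulnerable handler are easy to spot in web server access logs. The following is an added example (not part of this advisory or of BoltWire) that parses combined-format access log lines, flags every request to `p=member.<name>&action=data`, and reports source addresses that pulled the data page for several different members, which is what the member-name swapping in step 4 looks like in the logs. The log lines are constructed samples; the log format and the `/folder/` path are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2023:12:00:01 +0000] "GET /folder/index.php?p=member.admin&action=data HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2023:12:00:09 +0000] "GET /folder/index.php?p=member.user&action=data HTTP/1.1" 200 498 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2023:12:01:00 +0000] "GET /folder/index.php?p=main HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2023:12:01:03 +0000] "POST /folder/index.php?p=member.admin&action=save HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Leading fields of a combined-format log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)
# The p= value of the vulnerable handler is "member." followed by the member name.
MEMBER_RE = re.compile(r'^member\.(?P<member>[^.&]+)$')


def find_member_data_requests(log_text):
    """Return (ip, member, status) for each request that hits the
    p=member.<name>&action=data handler described in CVE-2023-46501."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        qs = parse_qs(urlsplit(m.group('path')).query)
        p = qs.get('p', [''])[0]
        action = qs.get('action', [''])[0]
        pm = MEMBER_RE.match(p)
        if pm and action == 'data':
            hits.append((m.group('ip'), pm.group('member'), int(m.group('status'))))
    return hits


def sources_enumerating_members(hits, threshold=2):
    """Source IPs that successfully (HTTP 200) fetched the data page for at
    least `threshold` distinct members; one IP cycling through member names
    is the pattern step 4 of the advisory would leave behind."""
    per_ip = {}
    for ip, member, status in hits:
        if status == 200:
            per_ip.setdefault(ip, set()).add(member)
    return {ip: sorted(ms) for ip, ms in per_ip.items() if len(ms) >= threshold}


if __name__ == '__main__':
    found = find_member_data_requests(SAMPLE_LOG)
    for ip, member, status in found:
        print(f'{ip} requested member data for {member!r} (HTTP {status})')
    print('enumerating sources:', sources_enumerating_members(found))
```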