index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/27711http://securityreason.com/securityalert/1279http://www.securityfocus.com/archive/1/439890/100/100/threadedhttp://www.securityfocus.com/bid/18959
