2z project 0.9.6.1 allows attackers to change the password without supplying the old password.Referenceshttp://www.securityfocus.com/bid/27057http://securityreason.com/securityalert/3514http://www.securityfocus.com/archive/1/485590/100/0/threadedhttp://2z-project.ru/forum/viewtopic.php?pid=8309
