change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.Referenceshttps://www.exploit-db.com/exploits/5824http://www.securityfocus.com/bid/29752https://exchange.xforce.ibmcloud.com/vulnerabilities/43119
