A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function
sendEmail
of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery.
This vulnerability was named CVE-2024-9907. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.