# Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover  
# Date: 2020-08-18  
# Exploit Author: Muhammed Eren Uygun  
# Vendor Homepage:  
# Software Link:  
# Version: 1.12.2-1.14.2  
# Tested on: Linux  
# CVE : CVE-2020-15149 -  
A bug in this validation logic made it possible to change the password of any user on a running NodeBB forum by sending a specially crafted call to the server. This could lead to a privilege escalation event due via an account takeover.  
Bug PoC:  
1- Create a user  
2- Go to password change page  
3- Change password with proxy  
4- Replace the uid on the request with 1, which is the uid value of the admin user, and send the request.  
5- So you can login with this password to admin user.