AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
https://exchange.xforce.ibmcloud.com/vulnerabilities/31123
http://www.securityfocus.com/bid/21787
http://www.securityfocus.com/archive/1/455352/100/0/threaded