CVE-2019-14346

Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
Source: NIST
CVE-2019-14346