Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.