Description

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.

Remediation

References

CVE-2015-6928

Related Vulnerabilities

WordPress Plugin Manage Notification E-mails Cross-Site Request Forgery (1.8.2)

Apache Tomcat Off-by-one Error Vulnerability (CVE-2023-28709)

WordPress Plugin WP Page Builder Multiple Vulnerabilities (1.2.3)

Magento CVE-2019-8136 Vulnerability (CVE-2019-8136)

WordPress Plugin Simple Banner Cross-Site Scripting (2.11.0)

Severity

Medium

Classification

CVE-2015-6928 CWE-284

Tags

Missing Update Known Vulnerabilities