Description

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.

Remediation

References

CVE-2015-6928

Related Vulnerabilities

phpList CVE-2023-27576 Vulnerability (CVE-2023-27576)

WordPress Plugin MainWP Child Reports SQL Injection (2.0.7)

Oracle Application Server CVE-2009-1976 Vulnerability (CVE-2009-1976)

WordPress Plugin Product Catalog Multiple SQL Injection Vulnerabilities (2.1)

WordPress Plugin WPFront Notification Bar Cross-Site Scripting (1.9.1.04012)

Severity

Medium

Classification

CVE-2015-6928 CWE-284

Tags

Missing Update Known Vulnerabilities