Description CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. Remediation References CVE-2018-20716 Related Vulnerabilities WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.18) GlassFish CVE-2016-3608 Vulnerability (CVE-2016-3608) LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5573) WordPress Plugin Ajax Plugin Helper Cross-Site Scripting (1.0.5) Oracle JRE CVE-2012-0500 Vulnerability (CVE-2012-0500) Severity Critical Classification CVE-2018-20716 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities