Description CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. Remediation References CVE-2018-20716 Related Vulnerabilities WordPress 3.9.x Same Origin Method Execution (SOME) Vulnerability (3.9 - 3.9.11) WordPress Plugin Insert or Embed Articulate Content into WordPress Arbitrary File Upload (4.3000000023) WordPress Plugin 5gig Concerts Unspecified Vulnerability (1.0) Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2015-8103) WordPress Plugin WP-StarsRateBox 'j' Parameter SQL Injection (1.1) Severity Critical Classification CVE-2018-20716 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities