Description

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

Remediation

References

CVE-2023-6152

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2002-1694)

Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27116)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35132)

Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)

WordPress Plugin Postie Multiple Vulnerabilities (1.9.40)

Severity

Medium

Classification

CVE-2023-6152 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities