CVE-2015-6928
Published: Sep 28, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- 20150910 CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability (mailing-list, x_refsource_FULLDISC)
- 1034015 (vdb-entry, x_refsource_SECTRACK)