classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-09-28T15:00:00
Updated: 2016-12-05T21:57:02
Reserved: 2015-09-14T00:00:00
Link: CVE-2015-6928
NVD Information
Status: Modified
Published: 2015-09-28T15:59:01.627
Modified: 2016-12-07T18:22:10.353
Link: CVE-2015-6928