CVE-2016-9479

Опубликовано: 02 дек. 2016

Источник: debian

Описание

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.

Пакет	Статус	Версия исправления	Релиз	Тип
b2evolution	removed			package

CVE-2016-9479

CVSS3: 7.5

nvd

около 9 лет назад

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.

GHSA-r7c5-pm6v-r8j9

CVSS3: 7.5

github

больше 3 лет назад

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.