Описание
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
Ссылки
- Exploit
- Exploit
- PatchVendor Advisory
- Exploit
- Exploit
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cubecart:cubecart:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.2.13:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.2.14:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:6.0.6:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00624
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
больше 3 лет назад
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
EPSS
Процентиль: 70%
0.00624
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-284