exploitDog

CVE-2016-9479

Опубликовано: 02 дек. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.

Ссылки

http://b2evolution.net/downloads/6-7-9-stable
Patch
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/95006
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037393
https://github.com/b2evolution/b2evolution/issues/33
Issue Tracking
Patch
Third Party Advisory
http://b2evolution.net/downloads/6-7-9-stable
Patch
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/95006
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037393
https://github.com/b2evolution/b2evolution/issues/33
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*

Версия до 6.7.8 (включая)

EPSS

Процентиль: 74%

0.00838

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

CVE-2016-9479

CVSS3: 7.5

debian

около 9 лет назад

The "lost password" functionality in b2evolution before 6.7.9 allows r ...

GHSA-r7c5-pm6v-r8j9

CVSS3: 7.5

github

больше 3 лет назад

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.

EPSS

Процентиль: 74%

0.00838

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-255