classes/admin.class.php in CubeCart 5.2.12 up to and including 5.2.16 and 6.x prior to 6.0.7 does not properly validate that a password reset request was made, which allows remote malicious users to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
Vulnerable Product |
---|
cubecart cubecart 5.2.12 |
cubecart cubecart 6.0.3 |
cubecart cubecart 6.0.4 |
cubecart cubecart 5.2.15 |
cubecart cubecart 6.0.0 |
cubecart cubecart 5.2.13 |
cubecart cubecart 5.2.14 |
cubecart cubecart 6.0.5 |
cubecart cubecart 6.0.6 |
cubecart cubecart 6.0.1 |
cubecart cubecart 6.0.2 |
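
The following is an added example, not CubeCart's code: a hardened reset-token check in PHP that refuses the kind of request in the description above, where a whitespace-only `validate` value is accepted although no reset was requested. The function names, the `$admin` array layout, and the token length and lifetime are assumptions made for illustration.

```php
<?php
// Added example. All names are hypothetical, not CubeCart's functions or schema.
const RESET_TOKEN_BYTES = 32;    // 64 hex characters once encoded
const RESET_TOKEN_TTL   = 3600;  // seconds a reset request stays valid

/** Called when a reset is requested; returns the token to e-mail. */
function issue_reset_token(array &$admin, int $now): string
{
    $token = bin2hex(random_bytes(RESET_TOKEN_BYTES));
    // Store only a hash, so a database leak does not expose live tokens.
    $admin['reset_hash']    = hash('sha256', $token);
    $admin['reset_expires'] = $now + RESET_TOKEN_TTL;
    return $token;
}

/** Returns true only if a reset was requested and $supplied matches it. */
function verify_reset_token(array &$admin, $supplied, int $now): bool
{
    // 1. A reset must actually be pending: no stored hash means no request.
    if (empty($admin['reset_hash']) || empty($admin['reset_expires'])) {
        return false;
    }
    // 2. Strict format check: "", " ", arrays and padded values are rejected
    //    before any comparison. No trim(), no loose ==.
    $pattern = '/\A[0-9a-f]{' . (RESET_TOKEN_BYTES * 2) . '}\z/';
    if (!is_string($supplied) || preg_match($pattern, $supplied) !== 1) {
        return false;
    }
    // 3. Expired requests are cleared and treated as absent.
    if ($now > $admin['reset_expires']) {
        $admin['reset_hash'] = $admin['reset_expires'] = null;
        return false;
    }
    // 4. Constant-time comparison in PHP, rather than a database string match,
    //    which under some collations ignores trailing whitespace.
    $ok = hash_equals($admin['reset_hash'], hash('sha256', $supplied));
    if ($ok) {
        $admin['reset_hash'] = $admin['reset_expires'] = null; // single use
    }
    return $ok;
}

// Constructed sample data: an admin record with no reset pending.
$admin = ['email' => 'admin@example.test', 'reset_hash' => null, 'reset_expires' => null];
var_dump(verify_reset_token($admin, ' ', time()));     // case: nothing was requested
$token = issue_reset_token($admin, time());
var_dump(verify_reset_token($admin, ' ', time()));     // case: malformed token
var_dump(verify_reset_token($admin, $token, time()));  // case: genuine token
var_dump(verify_reset_token($admin, $token, time()));  // case: token reused
```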