Security Advisory

CVE-2015-6928

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2015-09-28 15:00:00
Last updated: 2024-08-06 07:36:34
Assigner: mitre
State: PUBLISHED

Description

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.