2016-12-02 16:00:00
mitre
PUBLISHED
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.