← Back

CVE-2015-6928

nvd nist
Published: Sep 28, 2015Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.

Affected (11)

Products: Cubecart: Cubecart
Cubecart
1 product
Cubecart
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Cubecart
Cubecart
Version 5.2.12
Cubecart
Version 5.2.13
Cubecart
Version 5.2.14
Cubecart
Version 5.2.15
Cubecart
Version 6.0.0
Cubecart
Version 6.0.1
Cubecart
Version 6.0.2
Cubecart
Version 6.0.3
Cubecart
Version 6.0.4
Cubecart
Version 6.0.5
Cubecart
Version 6.0.6

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.