Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Devellion CubeCart 安全漏洞
Vulnerability Description
Devellion CubeCart是英国Devellion公司的一套免费且开源的电子商务购物车软件。该软件支持在网上商店销售产品、添加/编辑产品或图像等。 Devellion CubeCart 5.2.12版本至5.2.16版本和6.0.7之前6.x版本的classes/admin.class.php脚本中存在安全漏洞,该漏洞源于程序没有正确验证是否发生密码重置请求。远程攻击者可通过发送特制的恢复请求利用该漏洞更改管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A