fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://sourceforge.net/p/e107/svn/13114 - |
Information
Published : 2014-01-22 19:55
Updated : 2024-11-21 02:00
NVD link : CVE-2013-7305
Mitre link : CVE-2013-7305
CVE.ORG link : CVE-2013-7305
JSON object : View
Products Affected
e107
- e107
CWE
CWE-255
Credentials Management Errors