fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
References
Link | Resource |
---|---|
http://sourceforge.net/p/e107/svn/13114 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2014-01-22 19:55
Updated : 2024-02-28 12:20
NVD link : CVE-2013-7305
Mitre link : CVE-2013-7305
CVE.ORG link : CVE-2013-7305
JSON object : View
Products Affected
e107
- e107
CWE
CWE-255
Credentials Management Errors