CVE-2015-10071

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gitter:ez_publish_modern_legacy:*:*:*:*:*:*:*:*

History

11 Apr 2024, 00:53

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en gitter-badger ezpublish-modern-legacy. Ha sido calificada como problemática. Este problema afecta un procesamiento desconocido del archivo kernel/user/forgotpassword.php. La manipulación conduce a una recuperación de contraseña débil. La complejidad de un ataque es bastante alta. Se sabe que la explotación es difícil. La actualización a la versión 1.0 puede solucionar este problema. El parche se llama 5908d5ee65fec61ce0e321d586530461a210bf2a. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-218951.

07 Nov 2023, 02:23

Type Values Removed Values Added
CWE CWE-640

20 Oct 2023, 09:15

Type Values Removed Values Added
Summary A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. Upgrading to version 1.0 is able to address this issue. The name of the patch is 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951. A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.
CWE CWE-640

Information

Published : 2023-01-19 10:15

Updated : 2024-05-17 01:03


NVD link : CVE-2015-10071

Mitre link : CVE-2015-10071

CVE.ORG link : CVE-2015-10071


JSON object : View

Products Affected

gitter

  • ez_publish_modern_legacy
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password