cvedb.io
CVE-2015-6928
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-09-28T15:59:01.627 · Last modified 2026-06-17T00:31:37.190

Summary

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.

Affected products

cubecart — cubecart

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.