Cubecart · Cubecart · CVE-2015-6928
**Name of the Vulnerable Software and Affected Versions**
CubeCart versions 5.2.12 through 5.2.16
CubeCart versions 6.x before 6.0.7
**Description**
The issue arises from improper validation of password reset requests, allowing remote attackers to change the administrator password. This can be achieved by sending a recovery request with a space character in the `validate` parameter and the administrator email in the `email` parameter.
**Recommendations**
For CubeCart versions 5.2.12 through 5.2.16, update to version 5.2.17 or later to resolve the issue.
For CubeCart versions 6.x before 6.0.7, update to version 6.0.7 or later to resolve the issue.
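A detection sketch for the request pattern in the description, added here as an example and not taken from CubeCart or from the advisory. It assumes the `email` and `validate` parameters are visible in the query string of Apache combined-format access logs; the log lines, addresses and the `/RECOVERY_PATH` placeholder are constructed, and the check is widened from a single space to any empty or whitespace-only `validate` value.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines; /RECOVERY_PATH is a placeholder, not CubeCart's real path.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Sep/2015:10:01:02 +0000] "GET /RECOVERY_PATH?email=admin%40example.com&validate=%20 HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [10/Sep/2015:10:01:05 +0000] "GET /RECOVERY_PATH?email=admin%40example.com&validate=+ HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [10/Sep/2015:10:02:00 +0000] "GET /RECOVERY_PATH?email=user%40example.com&validate=9f3ab27c HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [10/Sep/2015:10:03:00 +0000] "GET /index.php?page=1 HTTP/1.1" 200 900 "-" "-"
"""

# Client address, timestamp and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def suspicious_resets(log_text):
    """Return requests that carry `email` plus a blank or whitespace-only `validate`."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs decodes %20 and '+' to a space; keep_blank_values keeps `validate=`.
        params = parse_qs(query, keep_blank_values=True)
        if "email" not in params or "validate" not in params:
            continue
        # A genuine reset token is never empty once whitespace is stripped.
        if any(value.strip() == "" for value in params["validate"]):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "email": params["email"][0],
                "validate_raw": params["validate"],
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_resets(SAMPLE_LOG):
        print(hit)
```

Access logs normally omit POST bodies, so where the recovery request is sent as a POST the same test has to run at a point that sees body parameters, such as a reverse proxy or WAF.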