Alfresco · Alfresco Reset Password Add-On · CVE-2020-25727
**Name of the Vulnerable Software and Affected Versions**
Alfresco Reset Password add-on versions prior to 1.2.0
**Description**
The issue allows a malicious user to inject a query within the email input field, utilizing CMIS-SQL Injection.
**Recommendations**
For versions prior to 1.2.0, update the Reset Password add-on to version 1.2.0 or later to resolve the issue.