PT-2014-3348 · E107

Published: 2014-01-22 · Updated: 2014-01-23 · CVE-2013-7305

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: e107 versions through 1.0.4

Description: The fpw.php file does not validate the user ban field before processing a password reset. Because of this missing check, a remote attacker who has access to the e-mail account of a banned user can reset that user's password by sending a 'pwsubmit' request.

Recommendations: For versions through 1.0.4, modify the fpw.php file to check the user ban field before processing a reset request, so that banned accounts cannot have their passwords reset. As a temporary workaround, restrict access to the password reset functionality for banned users until a proper fix is implemented.
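The following is an added illustration of the recommended check, written here for this entry; it is not e107's own fpw.php code. It shows a minimal 'pwsubmit' handler in its vulnerable shape (any matching e-mail address receives a reset token) next to a hardened shape that consults the ban field first. The user table, the `user_ban` column name, and the helper functions are all hypothetical stand-ins for the real database and mailer.

```php
<?php
// Added example, not e107's fpw.php. All names below are hypothetical.

// Constructed in-memory user table standing in for the database;
// 'user_ban' mirrors the ban field that the vulnerable handler ignores.
$users = [
    'alice@example.com'   => ['id' => 1, 'user_ban' => 0],
    'mallory@example.com' => ['id' => 2, 'user_ban' => 1],
];

// Vulnerable shape: a reset token is issued for any known address,
// whether or not the account is banned.
function reset_vulnerable(array $users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    return issue_reset_token($users[$email]['id']);
}

// Hardened shape: the ban field is checked before any token is issued,
// and the refusal is logged so repeated attempts are visible to operators.
function reset_hardened(array $users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    $user = $users[$email];
    if ((int) $user['user_ban'] !== 0) {
        error_log("password reset refused for banned user id {$user['id']}");
        return null;
    }
    return issue_reset_token($user['id']);
}

// Stand-in for token generation; a real handler would store a hash of the
// token with an expiry and send the token to the account's e-mail address.
function issue_reset_token(int $userId): string
{
    return bin2hex(random_bytes(16));
}

// Simulated 'pwsubmit' request for the banned account.
$request = ['pwsubmit' => '1', 'email' => 'mallory@example.com'];
if (isset($request['pwsubmit'])) {
    $email = filter_var($request['email'], FILTER_VALIDATE_EMAIL) ?: '';

    $before = reset_vulnerable($users, $email);
    $after  = reset_hardened($users, $email);

    // Same neutral message either way so the response does not reveal
    // whether the address exists or is banned.
    echo "vulnerable handler issued a token: " . ($before !== null ? 'yes' : 'no') . PHP_EOL;
    echo "hardened handler issued a token:   " . ($after !== null ? 'yes' : 'no') . PHP_EOL;
    echo "If an account with that address exists, a reset message has been sent." . PHP_EOL;
}
```

Run with `php` on the command line; the banned address yields a token from the vulnerable handler and none from the hardened one. The check belongs before token generation and before any e-mail is sent, so a banned user's mailbox never receives a usable reset link.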

Related Identifiers

CVE-2013-7305

Affected Products

E107