PT-2015-7409 · Cubecart · Cubecart
Fernando Camara
·
Published
2015-09-28
·
Updated
2016-12-07
·
CVE-2015-6928
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CubeCart versions 5.2.12 through 5.2.16
CubeCart versions 6.x before 6.0.7
Description
The password-recovery handler does not properly validate reset requests. A remote, unauthenticated attacker can change the administrator password by sending a recovery request whose validate parameter contains a single space character and whose email parameter contains the administrator's email address; the handler accepts this request as though it carried a legitimately issued reset token.

Recommendations
For CubeCart versions 5.2.12 through 5.2.16, update to version 5.2.17 or later to resolve the issue.
For CubeCart versions 6.x before 6.0.7, update to version 6.0.7 or later to resolve the issue.
Exploit
Fix
Weakness Enumeration
Improper Access Control
Related Identifiers
Affected Products
Cubecart