CVE-2015-10071

Name of the Vulnerable Software and Affected Versions ezpublish-modern-legacy versions prior to 1.0

Description A vulnerability was found in the processing of the file kernel/user/forgotpassword.php, leading to weak password recovery. The complexity of an attack is rather high, and the exploitation is known to be difficult.

Recommendations For versions prior to 1.0, upgrade to version 1.0 to address this issue. As a temporary workaround, consider restricting access to the forgotpassword.php file until the upgrade is applied.