PT-2023-10333 · Cesnet · Cesnet Theme-Cesnet
Published
2023-01-07
·
Updated
2024-05-17
·
CVE-2016-15014
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CESNET theme-cesnet versions up to 1.x
Description
A vulnerability has been found in the CESNET theme-cesnet, affecting an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement.
Recommendations
Upgrading to version 2.0.0 is able to address this issue. It is recommended to upgrade the affected component.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cesnet Theme-Cesnet