The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.
CPE | Name | Operator | Version |
---|---|---|---|
alfrescoresetpassword | eq | 1.1.0.RC3 | |
alfrescoresetpassword | eq | 1.2.0.RC1 | |
alfrescoresetpassword | eq | 1.1.0 | |
alfrescoresetpassword | eq | 1.1.0.RC2 |