reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
CPE | Name | Operator | Version |
---|---|---|---|
projectsend | eq | r753 | |
projectsend | eq | r756 | |
projectsend | eq | r1053 | |
projectsend | eq | r1070 | |
projectsend | eq | r559 | |
projectsend | eq | r754 |