9 matches found
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
PT-2026-22209
Name of the Vulnerable Software and Affected Versions: EverShop versions prior to 2.1.1 Description: EverShop, a TypeScript-first eCommerce platform, has an issue in the "Forgot Password" functionality. When a target email address is provided, the API response includes the password reset token. Thi...
CVE-2025-11599 Campcodes Online Apartment Visitor Management System forgot-password.php SQL injection
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2024-5357
A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack can be launched remotely...
ORDAT FOSS-Online Security Vulnerability
ORDAT FOSS-Online is an enterprise resource management solution from ORDAT. A security vulnerability exists in ORDAT FOSS-Online versions prior to 2.24.01, which stems from the Forgot Password feature containing a SQL injection vulnerability...
PT-2024-20517 · Innovaphone · Innovaphone Pbx
Name of the Vulnerable Software and Affected Versions: Innovaphone PBX versions prior to 14r1 Description: An issue was discovered in the Forgot password function. It provides information about whether a user exists on a system, and it also provides different responses to incoming requests in a w...
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
PT-2023-29039 · Emsigner · Emsigner
Name of the Vulnerable Software and Affected Versions: EMSigner version 2.8.7 Description: The issue is related to incorrect access control in the Forgot Your Password function, allowing unauthenticated attackers to access accounts of all registered users, including those with administrator...
CVE-2019-13477
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account...