CubeCart 6.1.12 - Admin Authentication Bypass
I Forgot My Password! Both vulnerabilities are exploitable through CubeCarts "I forgot my Password!" functionality. It is implemented in the file classes/cubecart.class.php, in the method recovery. When a user forgot his password, he can use this feature to enter his email address, a valid passwo...