CubeCart 6.0.6 Administrative Bypass
Application: CubeCart 6.0.6 5.2.12 Fixed: 07/09/2015 6.0.7 Credits: Fernando Câmara @overflowy Title: Admin account hijacking vulnerability Dork: inurl:"index.php?a=" Requirements: Default admin recovery functions enabled... Knowledge of the admin account email P.O.C Its possible for an attacker ...