CVE-2015-6928
CubeCart is affected by a password-reset validation flaw in admin.class.php affecting 5.2.12–5.2.16 and 6.x (before 6.0.7). The issue allows a remote attacker to change the administrator password by sending a recovery request with a space character in the validate parameter and the administrator ...