2 matches found
CVE-2016-9479
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request...
CVE-2016-9479
The CVE-2016-9479 vulnerability affects b2evolution prior to version 6.7.9, where the lost-password feature allows a remote attacker to reset arbitrary user passwords via a crafted request. This can enable account compromise without user interaction. Root cause, as described across connected docu...