3 matches found
CVE-2018-20716
CubeCart before 6.1.13 has SQL Injection via the validate parameter of the "I forgot my Password!" feature...
CVE-2018-20716
CubeCart before 6.1.13 has SQL Injection via the validate parameter of the "I forgot my Password!" feature...
CVE-2018-20716
CubeCart prior to 6.1.13 is vulnerable to SQL Injection via the validate[] parameter in the "I forgot my Password!" feature. Root cause: improper input handling in the forgot-password logic. Impact as stated: high/critical risk (partial confidentiality, integrity, and availability). No exploitati...