2 matches found
Design/Logic Flaw
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id...
PT-2021-16885 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.1.7 through 7.10.31 SuiteCRM versions 7.11-beta through 7.11.20 Description: The issue arises from the failure to properly invalidate password reset links associated with a deleted user id, making it possible for account...