3 matches found
CVE-2025-8119
PAD CMS is vulnerable to Cross-Site Request Forgery in its password reset functionality. A malicious attacker can craft a special website which, when visited by the victim, automatically sends a POST request changing the currently logged-in user's password to a value defined by the attacker. This issue...
PT-2022-17234 · Ec Cube · Ec-Cube
Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 3.0.0 through 3.0.18-p3; EC-CUBE versions 4.0.0 through 4.1.1. Description: The issue arises from improper handling of HTTP Host header values, allowing a remote unauthenticated attacker to manipulate the vulnerable version of...
MGASA-2015-0121 Updated drupal packages fix security vulnerabilities
Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559). Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd...