Description

fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.

Remediation

References

CVE-2013-7305

Related Vulnerabilities

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1320)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-1283)

WordPress Plugin BrewMaster Multiple Cross-Site Scripting Vulnerabilities (1.0)

Grafana Incorrect Authorization Vulnerability (CVE-2022-21713)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.01)

Severity

Medium

Classification

CVE-2013-7305

Tags

Missing Update Known Vulnerabilities