CVE-2016-9479 - Credentials Management vulnerability in B2Evolution
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: HIGH
- Availability impact: NONE
Summary
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://b2evolution.net/downloads/6-7-9-stable
- http://www.securityfocus.com/bid/95006
- http://www.securitytracker.com/id/1037393
- https://github.com/b2evolution/b2evolution/issues/33