Daniel HAHLER

1 exploit Active since Sep 2022
CVE-2022-30935 WRITEUP CRITICAL WRITEUP
b2evolution < 7.2.5 - Unauthenticated Authorization Bypass via Predictable Password Reset Tokens
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.
CVSS 9.1