CVE-2015-6928
CubeCart 5.2.12-5.2.16 and 6.x < 6.0.7 - Unauthenticated Administrative Password Reset via Password Recovery Bypass
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
References (4)
Patch, Vendor Advisory (x_refsource_confirm): https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/
Exploit, mailing-list (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2015/Sep/40
Exploit (x_refsource_misc): http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1034015
Scores
EPSS: 0.0219 (percentile 80.2%)
Details
CWE: CWE-284 (Improper Access Control)
Status: published
Products (11)
cubecart/cubecart: 5.2.12, 5.2.13, 5.2.14, 5.2.15, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, ... and 1 more
Published: Sep 28, 2015
Tracked Since: Feb 18, 2026