Description

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

Remediation

References

CVE-2017-8385

Related Vulnerabilities

WordPress Plugin Buddy Share It Allusers FB YR Arbitrary File Upload (3.2.8)

WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1)

Joomla CVE-2021-23127 Vulnerability (CVE-2021-23127)

phpMyAdmin Other Vulnerability (CVE-2005-3301)

Roundcube Cross-site Request Forgery (CSRF) Vulnerability (CVE-2016-4069)

Severity

Medium

Classification

CVE-2017-8385 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities