Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)

Description

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Forum Server Multiple SQL Injection (1.6.5)

WordPress Plugin LearnDash LMS SQL Injection (3.1.5)

Drupal Core 8.8.x Arbitrary File Overwrite (8.8.0 - 8.8.12)

WordPress Plugin WPCS-WordPress Currency Switcher Cross-Site Request Forgery (1.1.6)

WordPress Plugin Contact Form Email Multiple Vulnerabilities (1.1.4)

Severity

Medium

Classification

CVE-2017-8385 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities