Description CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. Remediation References CVE-2018-20716 Related Vulnerabilities PHP Insufficient Entropy Vulnerability (CVE-2008-2108) WebLogic CVE-2016-3510 Vulnerability (CVE-2016-3510) Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33333) Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-1433) WordPress Plugin WebLibrarian SQL Injection (3.5.4) Severity Critical Classification CVE-2018-20716 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities