Description CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. Remediation References CVE-2018-20716 Related Vulnerabilities IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9973) phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2642) phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-1000419) Joomla! Core Denial of Service (2.5.0 - 3.9.27) Moodle Other Vulnerability (CVE-2010-1616) Severity Critical Classification CVE-2018-20716 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities