Description
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Access Expiration Cross-Site Scripting (1.1)
e107 Other Vulnerability (CVE-2005-2327)
WordPress Plugin Membership Simplified Arbitrary File Download (1.58)
WordPress Plugin PHPFreeChat 'url' Parameter Cross-Site Scripting (0.2.8)
Apache Traffic Server CVE-2015-5206 Vulnerability (CVE-2015-5206)