Description
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
Remediation
References
Related Vulnerabilities
Java Unspesificed Vulnerability (CVE-2019-2426)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.38)
WordPress Plugin WP Last Modified Info Cross-Site Scripting (1.6.5)
WebLogic CVE-2018-3252 Vulnerability (CVE-2018-3252)
WordPress Plugin Rezgo Online Booking Multiple Cross-Site Scripting Vulnerabilities (1.8)