Description

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

Remediation

References

CVE-2016-9450

Related Vulnerabilities

WordPress Plugin FormCraft-Contact Form Builder SQL Injection (1.0.5)

WordPress Plugin WP Limit Login Attempts SQL Injection (2.0.0)

WordPress Plugin YITH WooCommerce Order Tracking Security Bypass (1.2.10)

WordPress Plugin Quiz Maker SQL Injection (6.5.8.3)

WordPress Plugin WCFM-Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible SQL Injection (6.5.11)

Severity

High

Classification

CVE-2016-9450 CWE-345 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities