Description
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
Remediation
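The missing check described above, shown as an added example; this is not e107's code or its official patch. The function name, the sample records and the reading of `user_ban` (0 means active, any other value means the account may not log in) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample records. The column name user_ban comes from the
// advisory; the meaning of its values (0 = active, anything else = not
// allowed to log in) is an assumption made for this example.
$users = [
    'alice@example.test'   => ['user_id' => 1, 'user_ban' => 0],
    'mallory@example.test' => ['user_id' => 2, 'user_ban' => 1],
];

/**
 * Hypothetical reset handler: decides whether a reset token is issued.
 * Returns the token data to store and mail, or null when nothing is sent.
 */
function issue_reset_token(array $users, string $email): ?array
{
    $key  = strtolower(trim($email));
    $user = $users[$key] ?? null;
    if ($user === null) {
        return null;                        // unknown address
    }
    // The check the advisory says is missing: a banned account must not
    // be able to obtain new credentials through the reset flow.
    if ((int) $user['user_ban'] !== 0) {
        error_log("reset refused for banned user_id={$user['user_id']}");
        return null;
    }
    $token = bin2hex(random_bytes(32));     // sent to the user by e-mail
    return [
        'user_id'    => $user['user_id'],
        'token'      => $token,
        'token_hash' => hash('sha256', $token), // store only the hash
        'expires'    => time() + 3600,
    ];
}

// The caller shows the same message in every case, so the response
// does not reveal whether the address exists or is banned.
foreach (array_keys($users) as $email) {
    $result = issue_reset_token($users, $email);
    printf("%-22s token issued: %s\n", $email, $result ? 'yes' : 'no');
}
```

Logging refused resets for banned accounts gives operators a signal that a banned user is trying to regain access through the reset flow.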
References