Description
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.