Vulnerabilities for 'Reset password'

2020-09-17
 
CVE-2020-25728

CWE-640
 

 
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password, including the admin account.

 
 
CVE-2020-25727

CWE-89
 

 
The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.

 

Vendor: Alfresco (3 products)
Alfresco
Community edition
Reset password


Copyright 2021, cxsecurity.com

 
