CVE-2015-6928

Current Description

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.

Basic Data

PublishedSeptember 28, 2015
Last ModifiedDecember 07, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-284
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCubecartCubecart5.2.12*******
    2.3ApplicationCubecartCubecart5.2.13*******
    2.3ApplicationCubecartCubecart5.2.14*******
    2.3ApplicationCubecartCubecart5.2.15*******
    2.3ApplicationCubecartCubecart6.0.0*******
    2.3ApplicationCubecartCubecart6.0.1*******
    2.3ApplicationCubecartCubecart6.0.2*******
    2.3ApplicationCubecartCubecart6.0.3*******
    2.3ApplicationCubecartCubecart6.0.4*******
    2.3ApplicationCubecartCubecart6.0.5*******
    2.3ApplicationCubecartCubecart6.0.6*******

Vulnerable Software List

VendorProductVersions
Cubecart Cubecart 5.2.12, 5.2.13, 5.2.14, 5.2.15, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6

References

NameSourceURLTags
http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.htmlhttp://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.htmlMISCExploit
20150910 CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerabilityhttp://seclists.org/fulldisclosure/2015/Sep/40FULLDISCExploit
1034015http://www.securitytracker.com/id/1034015SECTRACK
https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/CONFIRMPATCH Vendor Advisory