Unrated severityNVD Advisory· Published Sep 28, 2015· Updated Jun 17, 2026
CVE-2015-6928
CVE-2015-6928
Description
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:cubecart:cubecart:5.2.12:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:cubecart:cubecart:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:5.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:6.0.6:*:*:*:*:*:*:*
- (no CPE)range: 5.2.12 - 5.2.16, 6.0.0 - 6.0.6
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.