The lost password functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
Affected Software
Name |
Vendor |
Start Version |
End Version |
B2evolution |
B2evolution |
* |
6.7.8 (including) |
References