Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Access Control Vulnerability - CVE-2015-2559 - Vulnerability Database
Drupal

Drupal Improper Access Control Vulnerability - CVE-2015-2559

Low
Reference: CVE-2015-2559
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-2559
Title: Drupal Improper Access Control Vulnerability
Overview:

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.