Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)
Description
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Looking for the vulnerability index of Invicti's legacy products?