CVE-2013-7305

EUVD-2013-7082
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
e107e107
𝑥
≤ 1.0.4
e107e107
0.7.0
e107e107
0.7.1
e107e107
0.7.2
e107e107
0.7.3
e107e107
0.7.4
e107e107
0.7.5
e107e107
0.7.6
e107e107
0.7.7
e107e107
0.7.8
e107e107
0.7.9
e107e107
0.7.10
e107e107
0.7.11
e107e107
0.7.12
e107e107
0.7.13
e107e107
0.7.14
e107e107
0.7.15
e107e107
0.7.16
e107e107
0.7.17
e107e107
0.7.18
e107e107
0.7.19
e107e107
0.7.20
e107e107
0.7.21
e107e107
0.7.22
e107e107
0.7.24
e107e107
0.7.26
e107e107
1.0.1
e107e107
1.0.2
e107e107
1.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sourceforge.net/p/e107/svn/13114
http://sourceforge.net/p/e107/svn/13114