CVE-2013-7305

fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
e107e107
𝑥
≤ 1.0.4
e107e107
0.7.0
e107e107
0.7.1
e107e107
0.7.2
e107e107
0.7.3
e107e107
0.7.4
e107e107
0.7.5
e107e107
0.7.6
e107e107
0.7.7
e107e107
0.7.8
e107e107
0.7.9
e107e107
0.7.10
e107e107
0.7.11
e107e107
0.7.12
e107e107
0.7.13
e107e107
0.7.14
e107e107
0.7.15
e107e107
0.7.16
e107e107
0.7.17
e107e107
0.7.18
e107e107
0.7.19
e107e107
0.7.20
e107e107
0.7.21
e107e107
0.7.22
e107e107
0.7.24
e107e107
0.7.26
e107e107
1.0.1
e107e107
1.0.2
e107e107
1.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sourceforge.net/p/e107/svn/13114
http://sourceforge.net/p/e107/svn/13114