Description
Drupal 6.x before 6.35 and 7.x before 7.35 allow remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
Remediation
References
Related Vulnerabilities
Django Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-45116)
WordPress Plugin Convert Docx2post Arbitrary File Upload (1.4)
IBM WebSEAL CVE-2018-1850 Vulnerability (CVE-2018-1850)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)
Apache HTTP Server CVE-2018-1283 Vulnerability (CVE-2018-1283)