Vulnerability Details CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 81.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2020-28874
-
cpe:2.3:a:projectsend:projectsend:100
-
cpe:2.3:a:projectsend:projectsend:102
-
cpe:2.3:a:projectsend:projectsend:105
-
cpe:2.3:a:projectsend:projectsend:1053
-
cpe:2.3:a:projectsend:projectsend:1070
-
cpe:2.3:a:projectsend:projectsend:110
-
cpe:2.3:a:projectsend:projectsend:155
-
cpe:2.3:a:projectsend:projectsend:156
-
cpe:2.3:a:projectsend:projectsend:157
-
cpe:2.3:a:projectsend:projectsend:161
-
cpe:2.3:a:projectsend:projectsend:180
-
cpe:2.3:a:projectsend:projectsend:335
-
cpe:2.3:a:projectsend:projectsend:375
-
cpe:2.3:a:projectsend:projectsend:405
-
cpe:2.3:a:projectsend:projectsend:412
-
cpe:2.3:a:projectsend:projectsend:514
-
cpe:2.3:a:projectsend:projectsend:559
-
cpe:2.3:a:projectsend:projectsend:561
-
cpe:2.3:a:projectsend:projectsend:582
-
cpe:2.3:a:projectsend:projectsend:753
-
cpe:2.3:a:projectsend:projectsend:754
-
cpe:2.3:a:projectsend:projectsend:756
-
cpe:2.3:a:projectsend:projectsend:r1053
-
cpe:2.3:a:projectsend:projectsend:r1070
-
cpe:2.3:a:projectsend:projectsend:r1270
-
cpe:2.3:a:projectsend:projectsend:r375
-
cpe:2.3:a:projectsend:projectsend:r405
-
cpe:2.3:a:projectsend:projectsend:r412
-
cpe:2.3:a:projectsend:projectsend:r514
-
cpe:2.3:a:projectsend:projectsend:r559
-
cpe:2.3:a:projectsend:projectsend:r561
-
cpe:2.3:a:projectsend:projectsend:r571
-
cpe:2.3:a:projectsend:projectsend:r572
-
cpe:2.3:a:projectsend:projectsend:r582
-
cpe:2.3:a:projectsend:projectsend:r609
-
cpe:2.3:a:projectsend:projectsend:r753
-
cpe:2.3:a:projectsend:projectsend:r754
-
cpe:2.3:a:projectsend:projectsend:r756