CVE-2016-9479 (b2evolution)

CVE-2016-9479 (b2evolution)

The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.

Source: CVE-2016-9479 (b2evolution)