What the vulnerability does
01Description
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.
CVE-2023-35134
HIGH
CVE-2023-35134: Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password
CVSS base score
7.4/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Key dates
02Disclosure timeline
July 19, 2023
CVE published
October 28, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-2895 funadmin Member.php repass password recovery
CVE-2024-27899 Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine
CVE-2023-5840 Weak Password Recovery Mechanism for Forgotten Password in linkstackorg/linkstack
CVE-2025-53704 MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
CVE-2025-0331 YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery
