CVE-2007-5579

Name of the Vulnerable Software and Affected Versions Pligg CMS version 9.5

Description The issue concerns a password reset mechanism in Pligg CMS. Specifically, the login.php file uses a guessable confirmation code, allowing remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.

Recommendations For Pligg CMS version 9.5, consider temporarily disabling the password reset feature in login.php until a secure alternative is implemented to prevent exploitation. Restrict access to the login.php file to minimize the risk of unauthorized password resets. Avoid using the confirmationcode parameter in the password reset process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.