PT-2009-2426 · Crossday · Crossday Discuz! Board
80Vul
·
Publicado
2009-08-12
·
Atualizado
2017-09-29
·
CVE-2008-6957
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Crossday Discuz! Board (affected versions not specified)
Description:
The issue concerns a problem in the member.php file of Crossday Discuz! Board, where remote attackers can reset passwords of arbitrary users. This is achieved through crafted actions, specifically (1) lostpasswd and (2) getpasswd, which may involve the predictable generation of the
id parameter.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Crossday Discuz! Board