Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6524


Vulnerability Score 6.5 6.5
CVE Id CVE-2008-6524
Last Modified 08 Apr 2009 01:34:47
Published 25 Mar 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.

Vulnerable Systems


  • Cale Dunlap Openinvoice 0.90


XF - openinvoice-uid-security-bypass(49580)

XF - openinvoice-cookie-security-bypass(41947)

BID - 28854

MILW0RM - 5466

Last Updated: 27 May 2016 10:49:14