Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6957

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6957
Last Modified 18 Aug 2009 12:00:00
Published 12 Aug 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6957

Summary

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

Vulnerable Systems

Application

  • Discuz%21 -


References

XF - discuz-member-security-bypass(46785)

BID - 32424

MILW0RM - 7185

MISC - http://www.discuz.net/archiver/?tid-1112426.html

MISC - http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm

SECUNIA - 32731


Last Updated: 27 May 2016 10:49:24