Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4035

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-4035
Last Modified 13 Aug 2012 09:55:50
Published 11 Aug 2012 08:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4035

Summary

The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.

Vulnerable Systems

Application

  • Pbboard 2.1.4


References

MISC - https://www.htbridge.com/advisory/HTB23101

XF - pbboard-index-security-bypass(77506)

BID - 54916

MISC - http://www.pbboard.com/forums/t10353.html

MISC - http://www.pbboard.com/forums/t10352.html

SECUNIA - 50153

OSVDB - 84481


Last Updated: 27 May 2016 10:51:39