CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
94.9%
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the “first enabled user (lowest id)” password, typically for the administrator.
Vendor | Product | Version | CPE |
---|---|---|---|
joomla | com_user | 1.5 | cpe:2.3:a:joomla:com_user:1.5:*:*:*:*:*:*:* |
joomla | com_user | 1.5.1 | cpe:2.3:a:joomla:com_user:1.5.1:*:*:*:*:*:*:* |
joomla | com_user | 1.5.2 | cpe:2.3:a:joomla:com_user:1.5.2:*:*:*:*:*:*:* |
joomla | com_user | 1.5.3 | cpe:2.3:a:joomla:com_user:1.5.3:*:*:*:*:*:*:* |
joomla | com_user | 1.5.4 | cpe:2.3:a:joomla:com_user:1.5.4:*:*:*:*:*:*:* |
joomla | com_user | 1.5.5 | cpe:2.3:a:joomla:com_user:1.5.5:*:*:*:*:*:*:* |
More