Lucene search

[email protected]CVE-2008-6957

HistoryAug 12, 2009 - 10:30 a.m.

CVE-2008-6957

2009-08-1210:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-6957

crossday discuz! board

remote attackers

password reset

nvd

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.8%

JSON

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

Affected configurations

NVD

Node

discuzdiscuz\!Match-

CPENameOperatorVersion
discuz:discuz\!discuz discuz!eq-

CPE	Name	Operator	Version
discuz:discuz\!	discuz discuz!	eq	-

References

secunia.com/advisories/32731

www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm

www.discuz.net/archiver/?tid-1112426.html

www.securityfocus.com/bid/32424

exchange.xforce.ibmcloud.com/vulnerabilities/46785

www.exploit-db.com/exploits/7185

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2008-6957

prion1 nvd1 cvelist1