CVE-2008-4427

2008-10-0322:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

JSON

changepassword.php in Phlatline’s Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.

References

secunia.com/advisories/31424

securityreason.com/securityalert/4349

www.securityfocus.com/bid/30627

exchange.xforce.ibmcloud.com/vulnerabilities/44389

www.exploit-db.com/exploits/6231