Описание
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:textpattern:textpattern:4.0.5:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00548
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
ubuntu
почти 17 лет назад
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
debian
почти 17 лет назад
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password duri ...
github
больше 3 лет назад
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
EPSS
Процентиль: 67%
0.00548
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-255