CVE-2008-6957

Опубликовано: 12 авг. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

Ссылки

http://secunia.com/advisories/32731
Vendor Advisory
http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
Exploit
http://www.discuz.net/archiver/?tid-1112426.html
Vendor Advisory
http://www.securityfocus.com/bid/32424
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
https://www.exploit-db.com/exploits/7185
http://secunia.com/advisories/32731
Vendor Advisory
http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
Exploit
http://www.discuz.net/archiver/?tid-1112426.html
Vendor Advisory
http://www.securityfocus.com/bid/32424
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
https://www.exploit-db.com/exploits/7185

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:discuz:discuz\!:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06677

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-96x5-37gv-6jg4

github

больше 3 лет назад