Vulnerability Details CVE-2008-4427
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/31424
- http://securityreason.com/securityalert/4349
- http://www.securityfocus.com/bid/30627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44389
- https://www.exploit-db.com/exploits/6231
- http://secunia.com/advisories/31424
- http://securityreason.com/securityalert/4349
- http://www.securityfocus.com/bid/30627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44389
- https://www.exploit-db.com/exploits/6231
Products affected by CVE-2008-4427
-
cpe:2.3:a:phlatline:personal_information_manager:*