Vulnerability Details CVE-2008-6957
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.052
EPSS Ranking 89.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/32731
- http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
- http://www.discuz.net/archiver/?tid-1112426.html
- http://www.securityfocus.com/bid/32424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
- https://www.exploit-db.com/exploits/7185
- http://secunia.com/advisories/32731
- http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
- http://www.discuz.net/archiver/?tid-1112426.html
- http://www.securityfocus.com/bid/32424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
- https://www.exploit-db.com/exploits/7185