Vulnerability Details CVE-2012-4035
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.052
EPSS Ranking 89.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/84481
- http://secunia.com/advisories/50153
- http://www.pbboard.com/forums/t10352.html
- http://www.pbboard.com/forums/t10353.html
- http://www.securityfocus.com/bid/54916
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77506
- https://www.htbridge.com/advisory/HTB23101
- http://osvdb.org/84481
- http://secunia.com/advisories/50153
- http://www.pbboard.com/forums/t10352.html
- http://www.pbboard.com/forums/t10353.html
- http://www.securityfocus.com/bid/54916
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77506
- https://www.htbridge.com/advisory/HTB23101