CVE-2008-3681

EPSS 17.68%
Published 14.08.2008 19:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Joomla ≫ Com User Version1.5

Joomla ≫ Com User Version1.5.1

Joomla ≫ Com User Version1.5.2

Joomla ≫ Com User Version1.5.3

Joomla ≫ Com User Version1.5.4

Joomla ≫ Com User Version1.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	17.68%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

http://secunia.com/advisories/31457

Vendor Advisory

http://securityreason.com/securityalert/4157

http://www.securityfocus.com/bid/30667

http://www.securitytracker.com/id?1020687

https://exchange.xforce.ibmcloud.com/vulnerabilities/44430

https://www.exploit-db.com/exploits/6234

https://nvd.nist.gov/vuln/detail/CVE-2008-3681

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3681

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3681

EUVD