CVE-2008-3681

EPSS 17.68%
Veröffentlicht 14.08.2008 19:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Joomla ≫ Com User Version1.5

Joomla ≫ Com User Version1.5.1

Joomla ≫ Com User Version1.5.2

Joomla ≫ Com User Version1.5.3

Joomla ≫ Com User Version1.5.4

Joomla ≫ Com User Version1.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.68%	0.949

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

http://secunia.com/advisories/31457

Vendor Advisory

http://securityreason.com/securityalert/4157

http://www.securityfocus.com/bid/30667

http://www.securitytracker.com/id?1020687

https://exchange.xforce.ibmcloud.com/vulnerabilities/44430

https://www.exploit-db.com/exploits/6234

https://nvd.nist.gov/vuln/detail/CVE-2008-3681

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3681

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3681

EUVD