Vulnerability Description
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lovecms | The Simple Forum | 3.1d |
| Lovecms | Lovecms | 1.6.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/50067
- http://secunia.com/advisories/32758Vendor Advisory
- http://securityreason.com/securityalert/4676
- http://www.securityfocus.com/bid/32435Exploit
- http://www.vupen.com/english/advisories/2008/3243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46793
- https://www.exploit-db.com/exploits/7191
- http://osvdb.org/50067
- http://secunia.com/advisories/32758Vendor Advisory
- http://securityreason.com/securityalert/4676
- http://www.securityfocus.com/bid/32435Exploit
- http://www.vupen.com/english/advisories/2008/3243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46793
- https://www.exploit-db.com/exploits/7191
FAQ
What is CVE-2008-5308?
CVE-2008-5308 is a vulnerability with a CVSS score of 7.5 (HIGH). The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct reque...
How severe is CVE-2008-5308?
CVE-2008-5308 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5308?
Check the references section above for vendor advisories and patch information. Affected products include: Lovecms The Simple Forum, Lovecms Lovecms.