Vulnerability Description
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
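The flaw described above is the pattern where the request, rather than the authenticated session, selects the account whose password changes. The following is an added illustration, not openInvoice's own code; the table, column and helper names are assumed. It shows that pattern next to a handler that binds the target account to the session and gates cross-account resets behind an admin check:

```php
<?php
// Added illustration of the vulnerability class in the description above.
// This is NOT openInvoice's code; $db, the users table and its columns are assumed.
session_start();
require_once 'db.php';            // assumed: provides $db (a PDO connection)

// Vulnerable pattern: the account to modify is taken from the request, so any
// logged-in user can supply a different uid and overwrite that user's password.
function reset_password_vulnerable(PDO $db): void {
    $uid  = $_POST['uid'] ?? $_SESSION['uid'];
    $hash = password_hash($_POST['new_password'] ?? '', PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $stmt->execute([$hash, $uid]);
}

// Hardened pattern: the target is the authenticated user unless the caller is an
// admin, the current password is re-verified, and the request carries a CSRF token.
function reset_password_hardened(PDO $db): void {
    if (empty($_SESSION['uid'])) { http_response_code(401); return; }
    if (!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')) {
        http_response_code(403); return;
    }
    $target = (int)$_SESSION['uid'];
    if (isset($_POST['uid']) && (int)$_POST['uid'] !== $target) {
        // Changing another account's password is an admin-only action.
        if (empty($_SESSION['is_admin'])) { http_response_code(403); return; }
        $target = (int)$_POST['uid'];
    } else {
        // Self-service reset: require proof of the current password.
        $stmt = $db->prepare('SELECT password FROM users WHERE id = ?');
        $stmt->execute([$target]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row || !password_verify($_POST['current_password'] ?? '', $row['password'])) {
            http_response_code(403); return;
        }
    }
    $hash = password_hash($_POST['new_password'] ?? '', PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $stmt->execute([$hash, $target]);
}
```

Because the description notes that auth.php is separately flawed, the authorization decision here is made inside the reset handler itself rather than being assumed from whatever upstream code established the session.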
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cale Dunlap | Openinvoice | <= 0.90 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/28854 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41947
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49580
- https://www.exploit-db.com/exploits/5466
FAQ
What is CVE-2008-6524?
CVE-2008-6524 is a vulnerability with a CVSS score of 6.5 (MEDIUM). resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
How severe is CVE-2008-6524?
CVE-2008-6524 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-6524?
Check the references section above for vendor advisories and patch information. Affected products include: Cale Dunlap Openinvoice.