Vulnerability Description
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discuz | Discuz\! | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32731Vendor Advisory
- http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htmExploit
- http://www.discuz.net/archiver/?tid-1112426.htmlVendor Advisory
- http://www.securityfocus.com/bid/32424Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
- https://www.exploit-db.com/exploits/7185
- http://secunia.com/advisories/32731Vendor Advisory
- http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htmExploit
- http://www.discuz.net/archiver/?tid-1112426.htmlVendor Advisory
- http://www.securityfocus.com/bid/32424Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
- https://www.exploit-db.com/exploits/7185
FAQ
What is CVE-2008-6957?
CVE-2008-6957 is a vulnerability with a CVSS score of 7.5 (HIGH). member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of th...
How severe is CVE-2008-6957?
CVE-2008-6957 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6957?
Check the references section above for vendor advisories and patch information. Affected products include: Discuz Discuz\!.