NVD

Id
6688  
Name
CVE-2008-6957  
Description
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2009-08-12  
Modified Date
2009-08-18  
Seq
2008-6957  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
38371 6688 CVE-2008-6957 http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm  View
38372 6688 CVE-2008-6957 http://www.discuz.net/archiver/?tid-1112426.html  View
38373 6688 CVE-2008-6957 7185  View
38374 6688 CVE-2008-6957 32424  View
38375 6688 CVE-2008-6957 discuz-member-security-bypass(46785)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
42058 JVNDB-2009-003065 Crossday Discuz! Board の member.php における任意ユーザのパスワードをリセットされる脆弱性 Crossday Discuz! Board の member.php は、id パラメータの生成が予測可能である不備があるため、任意ユーザのパスワードをリセットされる脆弱性が存在します。 CVE-2008-6957 37070 CVE-2008-6957 6688 7.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003065.html 2009-08-12 2012-06-26 View