CVE-2008-6957

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
discuzdiscuz\!
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32731
http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
http://www.discuz.net/archiver/?tid-1112426.html
http://www.securityfocus.com/bid/32424
https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
https://www.exploit-db.com/exploits/7185
http://secunia.com/advisories/32731
http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
http://www.discuz.net/archiver/?tid-1112426.html
http://www.securityfocus.com/bid/32424
https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
https://www.exploit-db.com/exploits/7185