CVE-2008-6957

EUVD-2008-6916
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
discuzdiscuz\!
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32731
http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
http://www.discuz.net/archiver/?tid-1112426.html
http://www.securityfocus.com/bid/32424
https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
https://www.exploit-db.com/exploits/7185
http://secunia.com/advisories/32731
http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm
http://www.discuz.net/archiver/?tid-1112426.html
http://www.securityfocus.com/bid/32424
https://exchange.xforce.ibmcloud.com/vulnerabilities/46785
https://www.exploit-db.com/exploits/7185