CVE-2008-3681

Published: Aug 14, 2008 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the password of the first enabled user (lowest id), typically the administrator.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Com_user | Joomla | 1.5 (including) | 1.5 (including) |
| Com_user | Joomla | 1.5.1 (including) | 1.5.1 (including) |
| Com_user | Joomla | 1.5.2 (including) | 1.5.2 (including) |
| Com_user | Joomla | 1.5.3 (including) | 1.5.3 (including) |
| Com_user | Joomla | 1.5.4 (including) | 1.5.4 (including) |
| Com_user | Joomla | 1.5.5 (including) | 1.5.5 (including) |

References