CVE-2008-3681

Published: Aug 14, 2008 | Modified: Sep 29, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the password of the first enabled user (lowest id), typically the administrator.

Affected Software

Name | Vendor | Start Version | End Version
Com_user | Joomla | 1.5 | 1.5
Com_user | Joomla | 1.5.1 | 1.5.1
Com_user | Joomla | 1.5.2 | 1.5.2
Com_user | Joomla | 1.5.3 | 1.5.3
Com_user | Joomla | 1.5.4 | 1.5.4
Com_user | Joomla | 1.5.5 | 1.5.5

References