Vulnerability in N/a
CVE-2008-3681
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
EPSS: 0.553 (98.1th percentile)
Affected products
- N/a — versions n/a
References
- developer.joomla.org/security/news/241-20080801-core-password-remind-functional… (x_refsource_CONFIRM)
- 4157 (x_refsource_SREASON, third-party-advisory)
- 1020687 (vdb-entry, x_refsource_SECTRACK)
- 31457 (x_refsource_SECUNIA, third-party-advisory)
- joomla-reset-security-bypass(44430) (vdb-entry, x_refsource_XF)
- 30667 (vdb-entry, x_refsource_BID)
- 6234 (exploit, x_refsource_EXPLOIT-DB)