components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2008-08-14 12:41
Updated : 2017-09-28 18:31
NVD link : CVE-2008-3681
Mitre link : CVE-2008-3681
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
joomla
- com_user