CVE-2008-6957

Discuz! - Access Control

Title source: rule

Description

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 80vul · phpwebappsphp

https://www.exploit-db.com/exploits/7185

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/32731

[Exploit] http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm

[Vendor Advisory] http://www.discuz.net/archiver/?tid-1112426.html

[Exploit] http://www.securityfocus.com/bid/32424

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46785

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7185

Scores

EPSS 0.0668

EPSS Percentile 91.3%

Details

CWE

CWE-264

Status published

Products (1)

discuz/discuz\!

Published Aug 12, 2009

Tracked Since Feb 18, 2026