CVE-2012-4035

PBBoard 2.1.4 - Unauthenticated Arbitrary Password Change via member_id and new_password Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4035. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in PBBoard 2.1.4 by allowing an attacker to reset the password of any user (e.g., member_id=1) without proper authorization. The form submits a new password directly, exploiting flawed password reset logic.

Description

The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/37615

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in PBBoard 2.1.4 by allowing an attacker to reset the password of any user (e.g., member_id=1) without proper authorization. The form submits a new password directly, exploiting flawed password reset logic.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PBBoard 2.1.4

No auth needed

Prerequisites: Access to the password reset endpoint · Knowledge of target member_id

MITRE ATT&CK