Detections
Analytics

CVE-2008-3681

high

Description

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

References

https://www.exploit-db.com/exploits/6234

https://exchange.xforce.ibmcloud.com/vulnerabilities/44430

http://www.securitytracker.com/id?1020687

http://www.securityfocus.com/bid/30667

http://securityreason.com/securityalert/4157

http://secunia.com/advisories/31457

http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

Details

Source: Mitre, NVD

Published: 2008-08-14

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.1271