CVE-2008-6957

Critical

Description

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

References

https://www.exploit-db.com/exploits/7185

https://exchange.xforce.ibmcloud.com/vulnerabilities/46785

http://www.discuz.net/archiver/?tid-1112426.html

http://secunia.com/advisories/32731

Details

Source: Mitre, NVD

Published: 2009-08-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.05181