← back
CVE-2007-5579

CVE-2007-5579

EPSS 2.4%
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30088unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2007-05/0383.htmlhttp://osvdb.org/42031https://exchange.xforce.ibmcloud.com/vulnerabilities/34512http://www.securityfocus.com/bid/24158