← back
CVE-2008-6971

CVE-2008-6971

EPSS 7.1%
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/6392unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/47945http://secunia.com/advisories/31750https://exchange.xforce.ibmcloud.com/vulnerabilities/44931https://www.exploit-db.com/exploits/6392http://www.securityfocus.com/bid/31053http://www.simplemachines.org/community/index.php?topic=260145.0