Vulnerabilities > CVE-2007-5579 - Credentials Management vulnerability in Pligg CMS 9.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pligg

CWE-255

exploit available

NVD

Published: 2007-10-18

Updated: 2017-07-29

Summary

login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.

Vulnerable Configurations

Part	Description	Count
Application	Pligg Pligg Pligg CMS 9.5	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Pligg 9.5 Reset Forgotten Password Security Bypass Vulnerability. CVE-2007-5579. Webapps exploit for php platform
id	EDB-ID:30088
last seen	2016-02-03
modified	2007-05-25
published	2007-05-25
reporter	242th section
source	https://www.exploit-db.com/download/30088/
title	Pligg 9.5 Reset Forgotten Password Security Bypass Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References