CVE-2008-6524 - Credentials Management vulnerability in Cale Dunlap Openinvoice
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | OpenInvoice 0.9 Arbitrary Change User Password Exploit. CVE-2008-6523,CVE-2008-6524. Webapps exploit for php platform |
file | exploits/php/webapps/5466.pl |
id | EDB-ID:5466 |
last seen | 2016-01-31 |
modified | 2008-04-18 |
platform | php |
port | |
published | 2008-04-18 |
reporter | t0pP8uZz |
source | https://www.exploit-db.com/download/5466/ |
title | OpenInvoice 0.9 - Arbitrary Change User Password Exploit |
type | webapps |