Password Reset Vulnerability in Crossday Discuz! Board
CVE-2008-6957

Currently unrated

Key Information:

Vendor: Discuz
Status: Discuz\!
Vendor: CVE Published:; 12 August 2009

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-6957?

A vulnerability in member.php of Crossday Discuz! Board allows remote attackers to exploit the password reset mechanism. This can be achieved through crafted requests to the lostpasswd and getpasswd actions, which may involve the predictable generation of the id parameter, enabling unauthorized password resets for arbitrary users. Proper input validation and session management measures are critical to mitigate this flaw.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-6957 - Proof of Concept

References

https://www.exploit-db.com/exploits/7185

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/32731

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46785

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 12, 2009
👾
Exploit known to exist
Aug 12, 2009
Vulnerability published
Aug 12, 2009
Vulnerability Reserved
Aug 11, 2009

CVE-2008-6957 Data

JSON