CVE-2008-3681

Published: Aug 14, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Affected (6)

Products: Joomla: Com User

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Joomla Com User	Version 1.5.1
Joomla Com User	Version 1.5.2
Joomla Com User	Version 1.5.3
Joomla Com User	Version 1.5.4
Joomla Com User	Version 1.5.5
Joomla Com User	Version 1.5

Related CWEs

References (14)

http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

Source: cve@mitre.org

http://secunia.com/advisories/31457

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/4157

Source: cve@mitre.org

http://www.securityfocus.com/bid/30667

Source: cve@mitre.org

http://www.securitytracker.com/id?1020687

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44430

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6234

Source: cve@mitre.org

http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31457

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/4157

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30667

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020687

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44430

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6234

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.