Vendor: Pligg
By: SecurityFocus
CVSS: 7.5 HIGH
Security Bypass
CWE: 287
Product Name: Pligg
Affected Version From: 9.5
Affected Version To: 9.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:pligg:pligg
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Pligg Security Bypass Vulnerability
Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise a vulnerable application. This can also aid the attacker in further attacks.
Mitigation:
Ensure that the application is updated to the latest version.