9 lines
No EOL
552 B
Text
9 lines
No EOL
552 B
Text
source: http://www.securityfocus.com/bid/24158/info
|
|
|
|
Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords.
|
|
|
|
An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise a vulnerable application. This can also aid the attacker in further attacks.
|
|
|
|
Pligg 9.5 is reported vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/login.php?processlogin=4&username=admin&confirmationcode=1234567891e2f566cbda0a9c855240bf21b8bae030404cad7 |