CVE-2008-6524
Severity CVSS v4.0: Pending analysis
Type: CWE-255 Credentials Management
Publication date: 25/03/2009
Last modified: 09/04/2025
Description
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
Impact
Base Score 2.0: 6.50
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cale_dunlap:openinvoice:*:beta:*:*:*:*:*:* | | 0.90 (including) |
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/28854
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41947
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49580
- https://www.exploit-db.com/exploits/5466



