CVE-2008-6524

resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
Configurations

Configuration 1

cpe:2.3:a:cale_dunlap:openinvoice:*:beta:*:*:*:*:*:*

Information

Published : 2009-03-25 06:30

Updated : 2017-09-29 01:33


NVD link : CVE-2008-6524

Mitre link : CVE-2008-6524

Products Affected
No products.
CWE