CVE-2003-0494

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.

Published: Aug 7, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0494
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
snitz_communications / snitz_forums_2000	3.4.03	3.4.03.x

http://marc.info/?l=bugtraq&m=105578322012128&w=2
http://www.securityfocus.com/bid/7925
https://exchange.xforce.ibmcloud.com/vulnerabilities/12326

Vulnerability Database

291,049

CVE-2003-0494