Summary
This host is running PivotX and is prone to a data manipulation vulnerability.
Impact
Successful exploitation will allow remote attackers to gain privileges via unknown vectors.
Impact Level: Application.
Solution
Upgrade to PivotX version 2.2.5 or later.
For updates refer to http://pivotx.net/
Insight
This issue is caused by an error in the 'Reset my password' feature, which could allow unauthenticated attackers to change the password of any account by guessing the username.
Affected
PivotX versions before 2.2.5
Severity
Classification
- CVE: CVE-2011-1035
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P