components/com_user/models/reset.php in Joomla! 1.5 up to and including 1.5.5 does not properly validate reset tokens, which allows remote malicious users to reset the "first enabled user (lowest id)" password, typically for the administrator.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
joomla com user 1.5.1 |
||
joomla com user 1.5.2 |
||
joomla com user 1.5.3 |
||
joomla com user 1.5.4 |
||
joomla com user 1.5 |
||
joomla com user 1.5.5 |