Unrated severityNVD Advisory· Published Aug 14, 2008· Updated Apr 23, 2026
CVE-2008-3681
CVE-2008-3681
Description
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
Affected products
6cpe:2.3:a:joomla:com_user:1.5:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:joomla:com_user:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:com_user:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:com_user:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:com_user:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:com_user:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:com_user:1.5.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/31457nvdVendor Advisory
- developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.htmlnvd
- securityreason.com/securityalert/4157nvd
- www.securityfocus.com/bid/30667nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/44430nvd
- www.exploit-db.com/exploits/6234nvd
News mentions
0No linked articles in our index yet.