| Vulnerability Name: | CVE-2010-1435 (CCN-204236) | ||||||||||||
| Assigned: | 2010-01-07 | ||||||||||||
| Published: | 2010-01-07 | ||||||||||||
| Updated: | 2021-09-20 | ||||||||||||
| Summary: | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-863 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2010-1435 Source: CCN Type: Joomla! Developers Web site Core - Password Reset Tokens Source: MISC Type: Vendor Advisory https://developer.joomla.org/security-centre/308-20100423-core-password-reset-tokens.html Source: XF Type: UNKNOWN joomla-cve20101435-sec-bypass(204236) Source: MISC Type: Third Party Advisory https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-security-bypass-1-5-0-1-5-15/ Source: CCN Type: Joomla Web site Joomla | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||