2007-10-18 22:00:00
mitre
PUBLISHED
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that users password by calculating the confirmationcode parameter.