pligg-password.txt
Posted on 31 May 2007
Pligg critical vulnerability

Concerned version: 9.5 and ?

Description:

Pligg is a flexible CMS based on PHP and MySQL. To reset a forgotten password, Pligg follows a classic process: a confirmation code is generated and sent by email to the user's mailbox. The user follows the link containing the confirmation code and, if the code is verified successfully, the password is reset to a predefined value. Part of the source code responsible for this check is shown below:

WEB_ROOT/libs/html1.php [