CVE-2024-0425 (GCVE-0-2024-0425)
Vulnerability from cvelistv5 – Published: 2024-01-11 20:00 – Updated: 2025-06-09 18:38
VLAI?
Summary
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-640 - Weak Password Recovery
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Mi2ac1e (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.250444"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250444"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0425",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T20:19:42.639400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:38:40.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "ForU",
"versions": [
{
"status": "affected",
"version": "2020-06-23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Mi2ac1e (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444."
},
{
"lang": "de",
"value": "In ForU CMS bis 2020-06-23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/index.php?act=reset_admin_psw. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T20:00:05.796Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.250444"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250444"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-11T13:44:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "ForU CMS password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0425",
"datePublished": "2024-01-11T20:00:05.796Z",
"dateReserved": "2024-01-11T12:38:46.884Z",
"dateUpdated": "2025-06-09T18:38:40.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2020-06-23\", \"matchCriteriaId\": \"EAC3894B-590E-44A9-A01C-A330C98EC000\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad fue encontrada en ForU CMS hasta el 23-06-2020 y clasificada como cr\\u00edtica. Esta vulnerabilidad afecta a c\\u00f3digo desconocido del archivo /admin/index.php?act=reset_admin_psw. La manipulaci\\u00f3n conduce a una recuperaci\\u00f3n de contrase\\u00f1a d\\u00e9bil. El ataque se puede iniciar de forma remota. La explotaci\\u00f3n ha sido divulgada al p\\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250444.\"}]",
"id": "CVE-2024-0425",
"lastModified": "2024-11-21T08:46:33.727",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2024-01-11T20:15:44.700",
"references": "[{\"url\": \"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.250444\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.250444\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.250444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?id.250444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-640\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-0425\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-01-11T20:15:44.700\",\"lastModified\":\"2024-11-21T08:46:33.727\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad fue encontrada en ForU CMS hasta el 23-06-2020 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/index.php?act=reset_admin_psw. La manipulaci\u00f3n conduce a una recuperaci\u00f3n de contrase\u00f1a d\u00e9bil. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250444.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-640\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2020-06-23\",\"matchCriteriaId\":\"EAC3894B-590E-44A9-A01C-A330C98EC000\"}]}]}],\"references\":[{\"url\":\"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.250444\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.250444\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.250444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.250444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2024-01-11T20:00:05.796Z\"}, \"title\": \"ForU CMS password recovery\", \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"cweId\": \"CWE-640\", \"lang\": \"en\", \"description\": \"CWE-640 Weak Password Recovery\"}]}], \"affected\": [{\"vendor\": \"ForU\", \"product\": \"CMS\", \"versions\": [{\"version\": \"2020-06-23\", \"status\": \"affected\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.\"}, {\"lang\": \"de\", \"value\": \"In ForU CMS bis 2020-06-23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/index.php?act=reset_admin_psw. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \\u00fcber das Netzwerk. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseSeverity\": \"MEDIUM\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseSeverity\": \"MEDIUM\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\"}}], \"timeline\": [{\"time\": \"2024-01-11T00:00:00.000Z\", \"lang\": \"en\", \"value\": \"Advisory disclosed\"}, {\"time\": \"2024-01-11T01:00:00.000Z\", \"lang\": \"en\", \"value\": \"VulDB entry created\"}, {\"time\": \"2024-01-11T13:44:03.000Z\", \"lang\": \"en\", \"value\": \"VulDB entry last update\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Mi2ac1e (VulDB User)\", \"type\": \"analyst\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.250444\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.250444\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md\", \"tags\": [\"exploit\"]}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:04:49.766Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://vuldb.com/?id.250444\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://vuldb.com/?ctiid.250444\", \"tags\": [\"signature\", \"permissions-required\", \"x_transferred\"]}, {\"url\": \"https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md\", \"tags\": [\"exploit\", \"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0425\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-08T20:19:42.639400Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-09T18:38:33.127Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-0425\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"VulDB\", \"dateReserved\": \"2024-01-11T12:38:46.884Z\", \"datePublished\": \"2024-01-11T20:00:05.796Z\", \"dateUpdated\": \"2025-06-09T18:38:40.050Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…