CVE-2008-3681

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

We have discovered 212,893 live websites that are affected by CVE-2008-3681.

Run a Free Instant Scan



Affected Software

Product  Joomla
Category Content Management System
Vulnerable Domains212,893 live websites (96% of Joomla install base)
Vulnerable Versions
  • from 0 through 1.5.5
Vulnerable Versions Count1 versions ( 0.97% of all versions)



Details

  • Published - Aug 15, 2008
  • Updated - Aug 7, 2024

Website Distribution by Country

Number of websites using CVE-2008-3681
United States13,290 websites


Italy54,270 websites
Russia14,917 websites
Poland13,629 websites
GB13,427 websites
Germany12,457 websites
Netherlands8,807 websites
Iran7,628 websites
South Africa7,008 websites
Kazakhstan6,647 websites

Website Distribution by TLD

Number of websites using CVE-2008-3681
.com51,834 websites
.it35,370 websites
.ru12,580 websites
.pl9,601 websites
.co.uk6,594 websites
.org6,187 websites
.de4,980 websites
.nl4,863 websites
.net4,637 websites
.se3,393 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2008-3681

Top websites that are affected by CVE-2008-3681. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*****************.de Germany*,***
*******.**.ca Canada*,***
*****.com Italy**,***
***********.**.za South Africa**,***
**************.se Sweden**,***
***************.com Italy**,***
*********.com GB**,***
************.com Germany**,***
*********************.com United States**,***
*****************.co GB**,***
See full domain list

FAQ

A total of 212,893 websites have been identified as vulnerable to CVE-2008-3681, based on global website indexing conducted by WebTechSurvey.
The Joomla is affected by the CVE-2008-3681 vulnerability.
Joomla versions up to and including 1.5.5 are vulnerable to CVE-2008-3681.