How severe is CVE-2024-7659?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-7659?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2024-7659 - MEDIUM Severity | CVSS 7.5

Vulnerability Description

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2008-0087

HIGH

CVSS:7.5(High)

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

CWE-3302008

CVE-2008-0141

HIGH

CVSS:7.5(High)

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.

CWE-3302008

CVE-2008-2020

HIGH

CVSS:7.5(High)

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11,...

CWE-3302008

CVE-2008-4905

HIGH

CVSS:7.5(High)

Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.

CWE-3302008

CVE-2008-4929

HIGH

CVSS:7.5(High)

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing fil...

CWE-3302008

CVE-2009-0255

HIGH

CVSS:7.5(High)

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for at...

CWE-3302009