exploitDog

CVE-2008-5221

Опубликовано: 25 нояб. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wportfolio:wportfolio:*:*:*:*:*:*:*:*

Версия до 0.3 (включая)

cpe:2.3:a:wportfolio:wportfolio:0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04887

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-h8mw-3q4j-45hm

github

больше 3 лет назад

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

EPSS

Процентиль: 89%

0.04887

Низкий

7.5 High

CVSS2

Дефекты

CWE-287