Back to search
CVE-2008-5221
Published: Nov 25, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
4631
third-party-advisory
x_refsource_SREASON
7170
exploit
x_refsource_EXPLOIT-DB
ADV-2008-3219
vdb-entry
x_refsource_VUPEN
wportfolio-userinfo-security-bypass(46772)
vdb-entry
x_refsource_XF
32384
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now