Lucene search

[email protected]CVE-2008-0245

HistoryJan 12, 2008 - 2:46 a.m.

CVE-2008-0245

2008-01-1202:46:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0245

admin.php

uploadimage 1.0

remote attackers

administrator privileges

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Affected configurations

NVD

Node

uploadscriptuploadimageMatch1.0

uploadscriptuploadscriptMatch1.0

CPENameOperatorVersion
uploadscript:uploadimageuploadscript uploadimageeq1.0
uploadscript:uploadscriptuploadscripteq1.0

CPE	Name	Operator	Version
uploadscript:uploadimage	uploadscript uploadimage	eq	1.0
uploadscript:uploadscript	uploadscript	eq	1.0

References

www.securityfocus.com/bid/27203

exchange.xforce.ibmcloud.com/vulnerabilities/39571

www.exploit-db.com/exploits/4871

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2008-0245

prion1 nvd1 cvelist1