Lucene search

[email protected]CVE-2008-0246

HistoryJan 12, 2008 - 2:46 a.m.

CVE-2008-0246

2008-01-1202:46:00

CWE-264

[email protected]

web.nvd.nist.gov

security

vulnerability

uploadscript

administrator privileges

remote attack

7.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.4%

JSON

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Affected configurations

NVD

Node

uploadscriptuploadimageMatch1.0

uploadscriptuploadscriptMatch1.0

CPENameOperatorVersion
uploadscript:uploadimageuploadscript uploadimageeq1.0
uploadscript:uploadscriptuploadscripteq1.0

CPE	Name	Operator	Version
uploadscript:uploadimage	uploadscript uploadimage	eq	1.0
uploadscript:uploadscript	uploadscript	eq	1.0

References

www.securityfocus.com/bid/27203

exchange.xforce.ibmcloud.com/vulnerabilities/39570

www.exploit-db.com/exploits/4871

7.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2008-0246

nvd1 cvelist1 prion1