Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5219

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5219
Last Modified 29 Jan 2009 01:58:35
Published 25 Nov 2008 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5219

Summary

The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.

Vulnerable Systems

Application

  • Videoscript 4.0.1.50


References

MILW0RM - 7149

SREASON - 4634

SECUNIA - 32718

OSVDB - 49885


Last Updated: 27 May 2016 10:48:44