Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5221

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5221
Last Modified 07 Mar 2011 10:14:11
Published 25 Nov 2008 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5221

Summary

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

Vulnerable Systems

Application

  • Wportfolio 0.2

  • Wportfolio 0.3


References

XF - wportfolio-userinfo-security-bypass(46772)

VUPEN - ADV-2008-3219

BID - 32384

MILW0RM - 7170

SREASON - 4631


Last Updated: 27 May 2016 10:48:44