CVE-2008-5221 in wPortfolioinfo

Summary

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

11/25/2008

Disclosure

11/25/2008

Moderation

VulDB entry created

Entries

VDB-45171 (1)

CPE

ready

CWE

CWE-287 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.04887

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5221
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5221
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5221/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!