The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-11-25T18:09:00
Updated: 2024-08-07T10:49:11.835Z
Reserved: 2008-11-25T00:00:00
Link: CVE-2008-5221
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-11-25T18:30:00.500
Modified: 2024-11-21T00:53:35.470
Link: CVE-2008-5221
Redhat
No data.