CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0245

HIGH
7.5
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile3.17th
PublishedJan 12, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Affected Platforms (CPE)

πŸ“¦
Uploadscript

Uploadimage

= 1.0
πŸ“¦
Uploadscript

Uploadscript

= 1.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/27203
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39571
πŸ”— https://www.exploit-db.com/exploits/4871
πŸ”— http://www.securityfocus.com/bid/27203
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39571
πŸ”— https://www.exploit-db.com/exploits/4871

Related Vulnerabilities

CVE-2007-12556.0

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated adminis...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...