CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0246

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile29.29th
PublishedJan 12, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Affected Platforms (CPE)

πŸ“¦
Uploadscript

Uploadimage

= 1.0
πŸ“¦
Uploadscript

Uploadscript

= 1.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/27203
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39570
πŸ”— https://www.exploit-db.com/exploits/4871
πŸ”— http://www.securityfocus.com/bid/27203
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39570
πŸ”— https://www.exploit-db.com/exploits/4871

Related Vulnerabilities

CVE-2008-02457.5

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remot...

CVE-2007-12556.0

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated adminis...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...