CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-0245

HIGH
7.5
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile3.17th
Published2008年1月12日
Last Modified2026年4月23日

Vulnerability Description

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Affected Platforms (CPE)

📦
Uploadscript

Uploadimage

= 1.0
📦
Uploadscript

Uploadscript

= 1.0

References & Advisories

🔗 http://www.securityfocus.com/bid/27203
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39571
🔗 https://www.exploit-db.com/exploits/4871
🔗 http://www.securityfocus.com/bid/27203
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39571
🔗 https://www.exploit-db.com/exploits/4871

関連する脆弱性情報

CVE-2007-12556.0

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated adminis...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...