CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-0246

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile29.29th
Published2008年1月12日
Last Modified2026年4月23日

Vulnerability Description

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Affected Platforms (CPE)

📦
Uploadscript

Uploadimage

= 1.0
📦
Uploadscript

Uploadscript

= 1.0

References & Advisories

🔗 http://www.securityfocus.com/bid/27203
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39570
🔗 https://www.exploit-db.com/exploits/4871
🔗 http://www.securityfocus.com/bid/27203
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39570
🔗 https://www.exploit-db.com/exploits/4871

相關漏洞威脅

CVE-2008-02457.5

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remot...

CVE-2007-12556.0

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated adminis...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...