cve/CVE-2008-5221.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

POC

Reference

http://securityreason.com/securityalert/4631
https://www.exploit-db.com/exploits/7170

Github

No PoCs found on GitHub currently.

793 B Raw Blame History

CVE-2008-5221

Description

POC

Reference

Github

793 B

Raw Blame History