Uploadscript : Security vulnerabilities, CVEs

Copy

CVE-2008-0246

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Max CVSS

10.0

EPSS Score

0.55%

Published

2008-01-12

Updated

2017-09-29

CVE-2008-0245

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Max CVSS

7.5

EPSS Score

0.55%

Published

2008-01-12

Updated

2017-09-29

CVE-2006-6377

Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.

Max CVSS

7.5

EPSS Score

7.92%

Published

2006-12-07

Updated

2018-10-17

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!