Wportfolio Wportfolio : Security vulnerabilities, CVEs published in 2008

Copy

CVE-2008-5221

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

Max CVSS

7.5

EPSS Score

5.00%

Published

2008-11-25

Updated

2017-09-29

CVE-2008-5220

Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

Max CVSS

10.0

EPSS Score

3.40%

Published

2008-11-25

Updated

2017-09-29

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!