CVE-2008-0245

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/27203	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39571
https://www.exploit-db.com/exploits/4871
http://www.securityfocus.com/bid/27203	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39571
https://www.exploit-db.com/exploits/4871

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:uploadscript:uploadimage:1.0:::::::*
	cpe:2.3:a:uploadscript:uploadscript:1.0:::::::*

History

21 Nov 2024, 00:41

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/27203 - Exploit~~	() http://www.securityfocus.com/bid/27203 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/39571 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/39571 -
References	~~() https://www.exploit-db.com/exploits/4871 -~~	() https://www.exploit-db.com/exploits/4871 -

Information

Published : 2008-01-12 02:46

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0245

Mitre link : CVE-2008-0245

CVE.ORG link : CVE-2008-0245

JSON object : View

Products Affected

uploadscript

uploadimage
uploadscript

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-0245", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-12T02:46:00.000", "references": [{"url": "http://www.securityfocus.com/bid/27203", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39571", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4871", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27203", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39571", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/4871", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action."}, {"lang": "es", "value": "admin.php in UploadImage 1.0 no comprueba la contrase\u00f1a original antes de realizar un cambio en la nueva contrase\u00f1a, lo cual permite que atacantes remotos consigan privilegios de administraci\u00f3n, usando el par\u00e1metro pass sin contrase\u00f1a alguna (Set Password)"}], "lastModified": "2024-11-21T00:41:29.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uploadscript:uploadimage:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "287FA391-5E0C-47DF-BFAA-E1C75836A1F3"}, {"criteria": "cpe:2.3:a:uploadscript:uploadscript:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4A3A60-D613-4A1C-BC38-5BE9174813F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}