Unrated severityNVD Advisory· Published Jan 12, 2008· Updated Jun 16, 2026

CVE-2008-0246

Description

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Uploadscript/Uploadimage
cpe:2.3:a:uploadscript:uploadimage:1.0:*:*:*:*:*:*:*
Uploadscript/Uploadscript2 versions
cpe:2.3:a:uploadscript:uploadscript:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:uploadscript:uploadscript:1.0:*:*:*:*:*:*:*
- (no CPE)range: = 1.0

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/27203nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/39570nvd
www.exploit-db.com/exploits/4871nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000