Unrated severityNVD Advisory· Published Nov 25, 2008· Updated Apr 23, 2026
CVE-2008-5221
CVE-2008-5221
Description
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
Affected products
2cpe:2.3:a:wportfolio:wportfolio:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wportfolio:wportfolio:*:*:*:*:*:*:*:*range: <=0.3
- cpe:2.3:a:wportfolio:wportfolio:0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.