Unrated severityNVD Advisory· Published Nov 25, 2008· Updated Jun 16, 2026
CVE-2008-5221
CVE-2008-5221
Description
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:wportfolio:wportfolio:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:wportfolio:wportfolio:*:*:*:*:*:*:*:*range: <=0.3
- cpe:2.3:a:wportfolio:wportfolio:0.2:*:*:*:*:*:*:*
- (no CPE)range: <=0.3
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.