Uploadscript
by Uploadscript
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0246 | 0.03 | — | 0.04 | Jan 12, 2008 | admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | |||
| CVE-2008-0245 | 0.03 | — | 0.02 | Jan 12, 2008 | admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. | |||
| CVE-2006-6377 | 0.03 | — | 0.03 | Dec 7, 2006 | Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt. |
- CVE-2008-0246Jan 12, 2008risk 0.03cvss —epss 0.04
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
- CVE-2008-0245Jan 12, 2008risk 0.03cvss —epss 0.02
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
- CVE-2006-6377Dec 7, 2006risk 0.03cvss —epss 0.03
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.