Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wPortfolio '/admin/userinfo.php' Permission Bypass Vulnerability
Vulnerability Description
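wPortfolio is a PHP- and MySQL-based content management system for publishing image galleries. The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not verify administrative privileges and does not require the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.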
CVSS Information
N/A
Vulnerability Type
N/A