Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Uploadscript Subscribe
Filtered by product Uploadscript
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6377 1 Uploadscript 1 Uploadscript 2018-10-17 7.5 HIGH N/A
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
CVE-2008-0245 1 Uploadscript 2 Uploadimage, Uploadscript 2017-09-28 7.5 HIGH N/A
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
CVE-2008-0246 1 Uploadscript 2 Uploadimage, Uploadscript 2017-09-28 10.0 HIGH N/A
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.