CVE-2008-5219

VideoScript <4.0.1.50 - Auth Bypass

Title source: llm

Description

The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by G4N0K · phpwebappsphp

https://www.exploit-db.com/exploits/7149

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/32718

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7149

[Third Party Advisory, VDB Entry] http://osvdb.org/49885

[Third Party Advisory] http://securityreason.com/securityalert/4634

Scores

EPSS 0.0358

EPSS Percentile 87.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

videoscript/videoscript < 4.0.1.50

Timeline

Published Nov 25, 2008

Tracked Since Feb 18, 2026