CVE-2008-5221

wPortfolio <0.3 - Auth Bypass

Title source: llm

Description

The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · phpwebappsphp
https://www.exploit-db.com/exploits/7170

References (5)

Scores

EPSS 0.0489
EPSS Percentile 89.4%

Classification

CWE
CWE-287
Status draft

Affected Products (2)

wportfolio/wportfolio < 0.3
wportfolio/wportfolio

Timeline

Published Nov 25, 2008
Tracked Since Feb 18, 2026