PT-2008-6363 · Unknown · Wportfolio

G4N0K · Published 2008-11-25 · Updated 2017-09-29 · CVE-2008-5221

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

wPortfolio versions 0.3 and earlier

Description

The issue concerns the account save action in the admin/userinfo.php file, which does not require authentication and does not demand knowledge of the original password. This allows remote attackers to change the admin account password by modifying the password and password retype parameters.

Recommendations

For wPortfolio versions 0.3 and earlier, consider disabling the account save action in admin/userinfo.php until a patch is available. Restrict access to the admin/userinfo.php file to minimize the risk of exploitation. Avoid using the password and password retype parameters in the affected action until the issue is resolved.

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2008-5221

Affected Products

Wportfolio