PT-2008-1890 · Unknown · Uploadscript

Dj7Xpl · Published 2008-01-12 · Updated 2017-09-29 · CVE-2008-0246

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

UploadScript version 1.0

Description

The issue allows remote attackers to gain administrator privileges due to a lack of original password verification when changing to a new password. This is achieved via the pass parameter in a 'nopass' (Set Password) action.

Recommendations

For UploadScript version 1.0, consider disabling the password change functionality until a patch is available to enforce original password checks before allowing changes to a new password. Restrict access to the admin.php script to minimize the risk of exploitation. Avoid using the pass parameter in the 'nopass' action for the time being.
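
The original-password check that the recommendation calls for, sketched as an added example; this is not UploadScript's code or an official patch. The function name, the stored-hash parameter, and the assumption that an unauthenticated set-password path may exist only while no password has been stored are all hypothetical.

```php
<?php
// Added illustration: hypothetical handler, not taken from UploadScript.
// $storedHash stands in for wherever the application keeps the admin password.

function set_admin_password(?string $storedHash, bool $loggedIn, string $current, string $new): string
{
    // Assumption: initial setup is the only case with no current password.
    if ($storedHash !== null) {
        // A password already exists: require an authenticated session AND
        // proof of knowledge of the current password before any change.
        if (!$loggedIn) {
            throw new RuntimeException('authentication required');
        }
        if (!password_verify($current, $storedHash)) {
            throw new RuntimeException('current password incorrect');
        }
    }
    if (strlen($new) < 12) {
        throw new InvalidArgumentException('new password too short');
    }
    // Store only a salted hash, never the submitted value itself.
    return password_hash($new, PASSWORD_DEFAULT);
}

// Constructed sample data so the file runs stand-alone from the CLI.
$hash = password_hash('constructed-old-secret', PASSWORD_DEFAULT);

$cases = [
    'unauthenticated, no current password'    => [false, ''],
    'authenticated, wrong current password'   => [true, 'guess'],
    'authenticated, correct current password' => [true, 'constructed-old-secret'],
];

foreach ($cases as $label => [$loggedIn, $current]) {
    try {
        $hash = set_admin_password($hash, $loggedIn, $current, 'constructed-new-secret');
        echo "$label: changed\n";
    } catch (Exception $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the third case changes the password; the first two are rejected before the new value is ever hashed or stored.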

Related Identifiers

CVE-2008-0246

Affected Products

Uploadscript