CVE-2008-5219

Name of the Vulnerable Software and Affected Versions VideoScript versions 4.0.1.50 and earlier

Description The issue concerns the password change feature, specifically the "admin/cp.php" endpoint, which does not properly authenticate administrative access and does not require the original password to change the admin account password. This allows remote attackers to modify the admin account password by manipulating the npass and npass1 parameters.

Recommendations For VideoScript versions 4.0.1.50 and earlier, as a temporary workaround, consider disabling the password change feature in the "admin/cp.php" endpoint until a proper fix is available. Restrict access to the "admin/cp.php" endpoint to minimize the risk of exploitation. Avoid using the npass and npass1 parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.