ByteOS Network

NVD Vulnerability Details :

CVE-2008-5219

Modified

Source-cve@mitre.org

Published At-25 Nov, 2008 | 18:30

Updated At-23 Apr, 2026 | 00:35

The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

videoscript>>videoscript>>Versions up to 4.0.1.50(inclusive)

cpe:2.3:a:videoscript:videoscript:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	nvd@nist.gov

CWE ID: CWE-287

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/49885	cve@mitre.org	N/A
http://secunia.com/advisories/32718	cve@mitre.org	Vendor Advisory
http://securityreason.com/securityalert/4634	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/7149	cve@mitre.org	N/A
http://osvdb.org/49885	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/32718	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://securityreason.com/securityalert/4634	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/7149	af854a3a-2127-422b-91ae-364da2661108	N/A