CVE-2008-0141

moderate-risk

Published 2008-01-08

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.

Do I need to act?

5.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

4835

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Webportal Cms

Affected Vendors

Webportal Cms Project

References (6)

Broken Link http://www.securityfocus.com/bid/27145

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/39486

Exploit https://www.exploit-db.com/exploits/4835

Broken Link http://www.securityfocus.com/bid/27145

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/39486

Exploit https://www.exploit-db.com/exploits/4835

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 16/34 · Moderate

Exposure 5/34 · Minimal