CVE-2008-6752

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-6752
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://osvdb.org/51705
http://secunia.com/advisories/33247 Vendor Advisory
http://www.securityfocus.com/bid/34851
https://www.exploit-db.com/exploits/7523
Configurations

Configuration 1 (hide)

cpe:2.3:a:revou:revou:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2009-04-24 14:30

Updated : 2024-02-28 11:21

NVD link : CVE-2008-6752

Mitre link : CVE-2008-6752

CVE.ORG link : CVE-2008-6752

JSON object : View

Products Affected

revou

  • revou
CWE
CWE-20

Improper Input Validation