CVE-2008-6752

adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/51705
http://secunia.com/advisories/33247	Vendor Advisory
http://www.securityfocus.com/bid/34851
https://www.exploit-db.com/exploits/7523

Configurations

Configuration 1 (hide)

cpe:2.3:a:revou:revou:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-04-24 14:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-6752

Mitre link : CVE-2008-6752

CVE.ORG link : CVE-2008-6752

JSON object : View

Products Affected

revou

revou

CWE

CWE-20

Improper Input Validation

7.5 /10