Vulnerability Description
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Revou | Revou | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/51705
- http://secunia.com/advisories/33247Vendor Advisory
- http://www.securityfocus.com/bid/34851
- https://www.exploit-db.com/exploits/7523
- http://osvdb.org/51705
- http://secunia.com/advisories/33247Vendor Advisory
- http://www.securityfocus.com/bid/34851
- https://www.exploit-db.com/exploits/7523
FAQ
What is CVE-2008-6752?
CVE-2008-6752 is a vulnerability with a CVSS score of 7.5 (HIGH). adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the admin...
How severe is CVE-2008-6752?
CVE-2008-6752 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6752?
Check the references section above for vendor advisories and patch information. Affected products include: Revou Revou.