adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-04-24T14:00:00
Updated: 2024-08-07T11:41:59.951Z
Reserved: 2009-04-24T00:00:00
Link: CVE-2008-6752
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-04-24T14:30:00.267
Modified: 2024-11-21T00:57:22.610
Link: CVE-2008-6752
Redhat
No data.