CVE-2008-6752

ReVou - Improper Input Validation

Description

adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · php · webapps · php
https://www.exploit-db.com/exploits/7523

Scores

EPSS 0.0270
EPSS Percentile 85.9%

Details

CWE
CWE-20
Status published
Products (1)
revou/revou
Published Apr 24, 2009
Tracked Since Feb 18, 2026