CVE-2008-7188

ClipShare 2.6 - Unauthenticated Arbitrary User Profile Modification via uid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7188. PoCs published by Pr0metheuS.

AI-analyzed exploit summary This exploit targets Clipshare 2.6 by changing a user's password via an unauthenticated HTTP request to useredit.php, then triggering a password recovery email to an attacker-controlled address. It leverages improper access controls to modify user details.

Description

ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Pr0metheuS · perlwebappsphp
https://www.exploit-db.com/exploits/4837

This exploit targets Clipshare 2.6 by changing a user's password via an unauthenticated HTTP request to useredit.php, then triggering a password recovery email to an attacker-controlled address. It leverages improper access controls to modify user details.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Clipshare 2.6
No auth needed
Prerequisites: Target site running Clipshare 2.6 · Valid user ID · Attacker-controlled email address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28313
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39494
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27148
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4837

Scores

EPSS 0.0230
EPSS Percentile 81.1%

Details

CWE
CWE-264
Status published
Products (1)
clip-share/clipshare 2.6
Published Sep 09, 2009
Tracked Since Feb 18, 2026