CVE-2008-7188

ClipShare 2.6 - Info Disclosure

Title source: llm

Description

ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pr0metheuS · perlwebappsphp

https://www.exploit-db.com/exploits/4837

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/28313

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39494

[Exploit] http://www.securityfocus.com/bid/27148

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4837

Scores

EPSS 0.0363

EPSS Percentile 87.9%

Details

CWE

CWE-264

Status published

Products (1)

clip-share/clipshare 2.6

Published Sep 09, 2009

Tracked Since Feb 18, 2026