Default credentials

2009-09-0917:30:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.4%

JSON

ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.

CPENameOperatorVersion
clipshareeq2.6

CPE	Name	Operator	Version
	clipshare	eq	2.6

References

secunia.com/advisories/28313

www.securityfocus.com/bid/27148

exchange.xforce.ibmcloud.com/vulnerabilities/39494

www.exploit-db.com/exploits/4837