CVE-2008-7188

Name of the Vulnerable Software and Affected Versions ClipShare version 2.6

Description The issue allows remote attackers to change the profile of arbitrary users by modifying the uid variable in the "siteadmin/useredit.php" endpoint. This can be exploited to recover a user's password by using a modified e-mail address in the email parameter to "recoverpass.php".

Recommendations For ClipShare version 2.6, consider restricting access to the "siteadmin/useredit.php" and "recoverpass.php" endpoints until a proper fix is available. As a temporary workaround, restrict the use of the uid variable and the email parameter in these endpoints to minimize the risk of exploitation.