CVE-2008-7188
Public Exploits 1
ExploitDB · 1 EDB-4837 [webapps]
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-7188
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ClipShare 'siteadmin/useredit.php' 权限限制和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ClipShare 2.6版本中存在权限限制和访问控制漏洞。由于没有正确的限定对特定功能的访问,这使得远程攻击者可以借助一个畸形的siteadmin/useredit.php的自变量,更改任意用户的profile。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-7188
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-7188
请登录查看更多情报信息。
Same Patch Batch · n/a · 2009-09-09 · 24 CVEs total
| CVE-2009-3124 | Ipmotor QuarkMail 'get_message.cgi'路径遍历漏洞 | |
| CVE-2009-2266 | oxid eshop 敏感信息泄露漏洞 | |
| CVE-2008-7191 | Pps.Jussieu Polipo未明漏洞 | |
| CVE-2008-7190 | Adium 未明漏洞 | |
| CVE-2008-7189 | Bastian_Blumentritt Local Media Browser 多个未明漏洞 | |
| CVE-2008-7187 | Coppermine Photo Gallery 脚本include/slideshow.inc.php信息泄露漏洞 | |
| CVE-2008-7186 | Coppermine Photo Gallery 'update.php' 权限许可和访问控制漏洞 | |
| CVE-2009-3111 | FreeRADIUS src/lib/radius.c 'rad_decode()'拒绝服务漏洞 | |
| CVE-2009-3113 | OXID eShop 未明漏洞 | |
| CVE-2009-3112 | Oxidforge OXID eShop未明安全漏洞 | |
| CVE-2008-7193 | PHPKIT 跨站请求伪造漏洞 | |
| CVE-2008-7192 | WoltLab Burning Board 脚本index.php 跨站请求伪造漏洞 | |
| CVE-2009-2205 | Apple Java Update 'Java Web Start'缓冲区溢出漏洞 | |
| CVE-2009-3123 | Visavi Wap-Motor gallery/gallery.php路径遍历漏洞 | |
| CVE-2009-3122 | Drupal Ajax Table权限许可和访问控制漏洞 | |
| CVE-2009-3121 | Drupal Ajax Table跨站脚本攻击漏洞 | |
| CVE-2009-3120 | BIGACE Web CMS 'public/index.php'跨站脚本攻击漏洞 | |
| CVE-2009-3119 | X-Iweb.Ru Download System mSF SQL注入漏洞 | |
| CVE-2009-3118 | Danneo CMS 'mod/poll/comment.php' SQL注入漏洞 | |
| CVE-2009-3117 | snowhall silurus_system 脚本category.php SQL注入漏洞 |
Showing top 20 of 24 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8747
Z-BlogPHP Commend Approval c_system_event.php CheckComment i - CVE-2026-8746
Open5GS NRF nghttp2-server.c discover_handler use after free - CVE-2026-8745
Open5GS AUSF nausf-handler.c ogs_timer_add denial of service - CVE-2026-8744
Open5GS NRF context.c ogs_sbi_nf_service_add denial of servi - CVE-2026-8743
Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id impr
V. Comments for CVE-2008-7188
No comments yet