Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ReVou 'adminlogin/password.php'远程密码更改漏洞
Vulnerability Description
ReVou Micro Blogging Twitter Clone (TClone) plugin中的adminlogin/password.php没有在更改密码之前进行原始密码校验,这使得远程攻击者可以在更改操作中,借助一个带有修改过的新密码1和新密码2的直接请求,更改管理员密码和获得特权。
CVSS Information
N/A
Vulnerability Type
N/A