Lucene search

[email protected]CVE-2007-3630

HistoryJul 10, 2007 - 12:30 a.m.

CVE-2007-3630

2007-07-1000:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

av tutorial script

avtutorial

changepw.php

unauthenticated access

password change vulnerability

7.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.03 Low

EPSS

Percentile

90.8%

JSON

changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

CPENameOperatorVersion
av_scripts:av_tutorial_scriptav scripts av tutorial scripteq1.0

CPE	Name	Operator	Version
av_scripts:av_tutorial_script	av scripts av tutorial script	eq	1.0

References

attrition.org/pipermail/vim/2007-July/001705.html

osvdb.org/42461

www.securityfocus.com/bid/24808

exchange.xforce.ibmcloud.com/vulnerabilities/35295

www.exploit-db.com/exploits/4163

7.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.03 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2007-3630

prion2 cve1