CVE-2007-3611

2007-07-0619:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.