2 matches found
CVE-2007-1364
CVE-2007-1364 affects DropAFew before 0.2.1 and is an authorization flaw that allows remote attackers to perform privileged actions: (1) view arbitrary users’ logged calorie data via id in editlogcal.php, (2) add arbitrary links via links.php, and (3) create arbitrary users via newaccount2.php. T...
[Full-disclosure] DropAFew - SQL injection and authorization issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2007-002 ||| ||| CVE-2007-1363 CVE candidate ||| ||| CVE-2007-1364 CVE candidate ||| ============================================ DropAFew - Multiple vulnerabilities SQL...