CVE-2007-3611
VRNews 1.1.1 (admin.php) is vulnerable to an unauthenticated remote administrative action due to a direct request parameter (act) that allows actions such as edit, add, config, or del. The root cause is lack of authentication for these actions, enabling attackers to perform administrative operati...