6.4
CVE-2007-3630
- EPSS 2.33%
- Veröffentlicht 10.07.2007 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:24
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginchangePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Av Scripts ≫ Av Tutorial Script Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.33% | 0.813 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
http://attrition.org/pipermail/vim/2007-July/001705.html
http://osvdb.org/42461
http://www.securityfocus.com/bid/24808
https://exchange.xforce.ibmcloud.com/vulnerabilities/35295
https://www.exploit-db.com/exploits/4163