Vulnerability Details CVE-2007-1364
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 6.4
References
- http://secunia.com/advisories/24861
- http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437
- http://www.securityfocus.com/bid/23400
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33561
- https://www.cynops.de/advisories/CVE-2007-1363.txt
- http://secunia.com/advisories/24861
- http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437
- http://www.securityfocus.com/bid/23400
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33561
- https://www.cynops.de/advisories/CVE-2007-1363.txt