Vulnerability Details CVE-2007-1364
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.046
EPSS Ranking 89.3%
CVSS Severity
CVSS v2 Score 6.4
Products affected by CVE-2007-1364
- cpe:2.3:a:dropafew:dropafew:*