CVE-2007-1364 - Unspecified vulnerability in Dropafew
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
dropafew
exploit available
Summary
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | DropAFew 0.2 newaccount2.php Arbitrary Account Creation. CVE-2007-1364. Webapps exploit for php platform |
id | EDB-ID:29831 |
last seen | 2016-02-03 |
modified | 2007-04-10 |
published | 2007-04-10 |
reporter | Alexander Klink |
source | https://www.exploit-db.com/download/29831/ |
title | DropAFew 0.2 newaccount2.php Arbitrary Account Creation |
Packetstorm
data source | https://packetstormsecurity.com/files/download/55830/AKLINK-SA-2007-002.txt |
id | PACKETSTORM:55830 |
last seen | 2016-12-05 |
published | 2007-04-11 |
reporter | Alexander Klink |
source | https://packetstormsecurity.com/files/55830/AKLINK-SA-2007-002.txt.html |
title | AKLINK-SA-2007-002.txt |
References
- http://secunia.com/advisories/24861
- http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437
- http://www.securityfocus.com/bid/23400
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33561
- https://www.cynops.de/advisories/CVE-2007-1363.txt