Vulnerabilities > CVE-2007-1364 - SQL Injection vulnerability in DropAFew
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | DropAFew 0.2 newaccount2.php Arbitrary Account Creation. CVE-2007-1364. Webapps exploit for php platform |
id | EDB-ID:29831 |
last seen | 2016-02-03 |
modified | 2007-04-10 |
published | 2007-04-10 |
reporter | Alexander Klink |
source | https://www.exploit-db.com/download/29831/ |
title | DropAFew 0.2 newaccount2.php Arbitrary Account Creation |
Packetstorm
data source | https://packetstormsecurity.com/files/download/55830/AKLINK-SA-2007-002.txt |
id | PACKETSTORM:55830 |
last seen | 2016-12-05 |
published | 2007-04-11 |
reporter | Alexander Klink |
source | https://packetstormsecurity.com/files/55830/AKLINK-SA-2007-002.txt.html |
title | AKLINK-SA-2007-002.txt |