Vulnerabilities > CVE-2007-3611 - Remote Security vulnerability in Vrnews 1.1.1

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
vrnews
critical
exploit available

Summary

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.

Vulnerable Configurations

Part Description Count
Application
Vrnews
1

Exploit-Db

descriptionVRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability. CVE-2007-3611. Webapps exploit for php platform
fileexploits/php/webapps/4150.txt
idEDB-ID:4150
last seen2016-01-31
modified2007-07-05
platformphp
port
published2007-07-05
reporterR4M!
sourcehttps://www.exploit-db.com/download/4150/
titleVRNews 1.1.1 admin.php Remote Permission Bypass Vulnerability
typewebapps