Vulnerabilities > CVE-2007-3611 - Remote Security vulnerability in Vrnews 1.1.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability. CVE-2007-3611. Webapps exploit for php platform |
file | exploits/php/webapps/4150.txt |
id | EDB-ID:4150 |
last seen | 2016-01-31 |
modified | 2007-07-05 |
platform | php |
port | |
published | 2007-07-05 |
reporter | R4M! |
source | https://www.exploit-db.com/download/4150/ |
title | VRNews 1.1.1 admin.php Remote Permission Bypass Vulnerability |
type | webapps |