Vulnerabilities > CVE-2007-3630 - Unspecified vulnerability in AV Scripts AV Tutorial Script 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | AV Tutorial Script 1.0 Remote User Pass Change Exploit. CVE-2007-3630. Webapps exploit for php platform |
file | exploits/php/webapps/4163.php |
id | EDB-ID:4163 |
last seen | 2016-01-31 |
modified | 2007-07-08 |
platform | php |
port | |
published | 2007-07-08 |
reporter | Dj7xpl |
source | https://www.exploit-db.com/download/4163/ |
title | AV Tutorial Script 1.0 - Remote User Pass Change Exploit |
type | webapps |