Vulnerabilities > CVE-2007-3630 - Unspecified vulnerability in AV Scripts AV Tutorial Script 1.0

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
av-scripts
exploit available
NVD
Published: 2007-07-10
Updated: 2017-09-29

Summary

changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

Vulnerable Configurations

Part Description Count
Application
Av_Scripts
1

Exploit-Db

descriptionAV Tutorial Script 1.0 Remote User Pass Change Exploit. CVE-2007-3630. Webapps exploit for php platform
fileexploits/php/webapps/4163.php
idEDB-ID:4163
last seen2016-01-31
modified2007-07-08
platformphp
port
published2007-07-08
reporterDj7xpl
sourcehttps://www.exploit-db.com/download/4163/
titleAV Tutorial Script 1.0 - Remote User Pass Change Exploit
typewebapps

References