← back
CVE-2007-3630

CVE-2007-3630

EPSS 2.3%
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4163unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://attrition.org/pipermail/vim/2007-July/001705.htmlhttp://osvdb.org/42461https://exchange.xforce.ibmcloud.com/vulnerabilities/35295https://www.exploit-db.com/exploits/4163http://www.securityfocus.com/bid/24808