Vulnerability Description
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extcalendar Project | Extcalendar | <= 2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38130 (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32035 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/3239 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2007-0681?
CVE-2007-0681 is a vulnerability with a CVSS score of 9.8 (CRITICAL). profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, vi...
How severe is CVE-2007-0681?
CVE-2007-0681 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2007-0681?
Check the references section above for vendor advisories and patch information. Affected products include: Extcalendar Project Extcalendar.