Vulnerability Description
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropafew | Dropafew | <= 0.2 |
References
- http://secunia.com/advisories/24861Vendor Advisory
- http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437Patch
- http://www.securityfocus.com/bid/23400Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33561
- https://www.cynops.de/advisories/CVE-2007-1363.txtVendor Advisory
- http://secunia.com/advisories/24861Vendor Advisory
- http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437Patch
- http://www.securityfocus.com/bid/23400Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33561
- https://www.cynops.de/advisories/CVE-2007-1363.txtVendor Advisory
FAQ
What is CVE-2007-1364?
CVE-2007-1364 is a vulnerability with a CVSS score of 6.4 (MEDIUM). DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in...
How severe is CVE-2007-1364?
CVE-2007-1364 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1364?
Check the references section above for vendor advisories and patch information. Affected products include: Dropafew Dropafew.