Vulnerability Description
admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vrnews | Vrnews | 1.1.1 |
References
- http://osvdb.org/45787
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35271
- https://www.exploit-db.com/exploits/4150
- http://osvdb.org/45787
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35271
- https://www.exploit-db.com/exploits/4150
FAQ
What is CVE-2007-3611?
CVE-2007-3611 is a vulnerability with a CVSS score of 9.3 (HIGH). admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edi...
How severe is CVE-2007-3611?
CVE-2007-3611 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3611?
Check the references section above for vendor advisories and patch information. Affected products include: Vrnews Vrnews.