Vulnerability Description
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Av Scripts | Av Tutorial Script | 1.0 |
References
- http://attrition.org/pipermail/vim/2007-July/001705.html
- http://osvdb.org/42461
- http://www.securityfocus.com/bid/24808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35295
- https://www.exploit-db.com/exploits/4163
- http://attrition.org/pipermail/vim/2007-July/001705.html
- http://osvdb.org/42461
- http://www.securityfocus.com/bid/24808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35295
- https://www.exploit-db.com/exploits/4163
FAQ
What is CVE-2007-3630?
CVE-2007-3630 is a vulnerability with a CVSS score of 6.4 (MEDIUM). changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrar...
How severe is CVE-2007-3630?
CVE-2007-3630 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3630?
Check the references section above for vendor advisories and patch information. Affected products include: Av Scripts Av Tutorial Script.