← Zuruck zu CVEs
CVE-2007-0681
CRITICAL9.8
Beschreibung
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/3/2007
Zuletzt geandert4/9/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
extcalendar_project:extcalendar
Schwachen (CWE)
CWE-522
Referenzen
http://osvdb.org/38130(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32035(cve@mitre.org)
https://www.exploit-db.com/exploits/3239(cve@mitre.org)
http://osvdb.org/38130(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32035(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/3239(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.