{"id": "CVE-2007-1364", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-11T22:19:00.000", "references": [{"url": "http://secunia.com/advisories/24861", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23400", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33561", "source": "cve@mitre.org"}, {"url": "https://www.cynops.de/advisories/CVE-2007-1363.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24861", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23400", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33561", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cynops.de/advisories/CVE-2007-1363.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": 
"nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php."}, {"lang": "es", "value": "DropAFew versiones anteriores a 0.2.1, no requiere autorizaci\u00f3n para ciertas acciones con privilegios, lo que permite a atacantes remotos (1) visualizar la informaci\u00f3n cal\u00f3rica registrada de los usuarios arbitrarios por medio del par\u00e1metro id en el archivo editlogcal.php, (2) a\u00f1adir enlaces arbitrarios por medio del archivo links.php, o (3) crear usuarios arbitrarios por medio del archivo newaccount2.php."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dropafew:dropafew:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C4B696-C5AF-4C47-91BB-B6EE202D6D89", "versionEndIncluding": "0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}