CVE-2007-3630

{"id": "CVE-2007-3630", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-10T00:30:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2007-July/001705.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/42461", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24808", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35295", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4163", "source": "cve@mitre.org"}, {"url": "http://attrition.org/pipermail/vim/2007-July/001705.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/42461", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24808", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35295", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/4163", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter."}, {"lang": "es", "value": "changePW.php en AV Tutorial Script (avtutorial) 1.0 no requiere validaci\u00f3n o conocimiento de un contrase\u00f1a antig\u00fca para un cambio de contrase\u00f1a, lo cual permite a atacantes remotos cambiar las contrase\u00f1as para usuarios de su elecci\u00f3n a trav\u00e9s del par\u00e1metro password modificado."}], "lastModified": "2024-11-21T00:33:41.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:av_scripts:av_tutorial_script:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559571A2-F2B4-413B-8179-DF59D81A9AE4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}