CVE-2007-0681

CRITICAL

ExtCalendar < 2 - Unauthenticated Password Change via register.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0681. PoCs published by ajann.

AI-analyzed exploit summary: This HTML form exploits CVE-2007-0681, a vulnerability in the registration process of a web application. It allows an attacker to submit crafted input fields to bypass validation or trigger unintended behavior, likely leading to unauthorized account creation or manipulation.

Description

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by ajann · html · webapps · php
https://www.exploit-db.com/exploits/3239


Classification: Working Poc 80%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Unknown web application (likely a CMS or forum software from 2007)
No auth needed
Prerequisites: Access to the target's registration page
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/38130
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32035
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3239

Scores

CVSS v3 9.8
EPSS 0.0747
EPSS Percentile 92.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
extcalendar_project/extcalendar < 2
Published Feb 03, 2007
Tracked Since Feb 18, 2026