CVE-2007-3630

AV Tutorial Script <1.0 - RCE

Title source: llm

Description

changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · phpwebappsphp

https://www.exploit-db.com/exploits/4163

View Code ZIP pw:eip

References (5)

[Various Sources] http://attrition.org/pipermail/vim/2007-July/001705.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35295

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24808

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4163

[Third Party Advisory, VDB Entry] http://osvdb.org/42461

Scores

EPSS 0.0866

EPSS Percentile 92.5%

Details

Status published

Products (1)

av_scripts/av_tutorial_script 1.0

Published Jul 10, 2007

Tracked Since Feb 18, 2026