CVE-2007-5644

Lussumo Vanilla < 1.1.3 - Access Control

Title source: rule

Description

Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities.

Exploits (1)

exploitdb WORKING POC VERIFIED

by InATeam · phpwebappsphp

https://www.exploit-db.com/exploits/4548

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4548

Scores

EPSS 0.0430

EPSS Percentile 88.9%

Details

CWE

CWE-264

Status published

Products (1)

lussumo/vanilla < 1.1.3

Published Oct 23, 2007

Tracked Since Feb 18, 2026