CVE-2007-5752

Agtc Websolutions Php-agtc Membership System - Authentication Bypass

Title source: rule

Description

adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by 0x90 · htmlwebappsphp

https://www.exploit-db.com/exploits/4589

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by t0pP8uZz · perlwebappsphp

https://www.exploit-db.com/exploits/5649

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/27430

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38173

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/482919/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26255

[Third Party Advisory] http://securityreason.com/securityalert/3326

Scores

EPSS 0.0252

EPSS Percentile 85.2%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

agtc_websolutions/php-agtc_membership_system

Timeline

Published Oct 31, 2007

Tracked Since Feb 18, 2026