CVE-2007-1364

critical

Description

DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.

References

https://www.cynops.de/advisories/CVE-2007-1363.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/33561

http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437

http://secunia.com/advisories/24861

Details

Source: Mitre, NVD

Published: 2007-04-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.03579