CVE-2007-3630

critical

Description

changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

References

https://www.exploit-db.com/exploits/4163

https://exchange.xforce.ibmcloud.com/vulnerabilities/35295

http://www.securityfocus.com/bid/24808

http://osvdb.org/42461

http://attrition.org/pipermail/vim/2007-July/001705.html

Details

Source: Mitre, NVD

Published: 2007-07-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03398

Detections

Analytics