CVE-2007-0681
CVSS 9.8 · CRITICAL
Summary
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVSS 3.1 breakdown
| Metric | Value |
|---|---|
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Extcalendar_project extcalendar
References
- http://osvdb.org/38130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32035
- https://www.exploit-db.com/exploits/3239
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.