CVE-2007-1364

Name of the Vulnerable Software and Affected Versions DropAFew versions prior to 0.2.1

Description The issue allows remote attackers to perform certain privileged actions without authorization. This includes viewing the logged calorie information of arbitrary users via the id parameter in "editlogcal.php", adding arbitrary links via "links.php", or creating arbitrary users via "newaccount2.php".

Recommendations For versions prior to 0.2.1, update to version 0.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to "editlogcal.php", "links.php", and "newaccount2.php" to minimize the risk of exploitation. Avoid using the id parameter in "editlogcal.php" until the issue is resolved.