CVE-2007-2785

Name of the Vulnerable Software and Affected Versions eSyndiCat Pro versions 1.x

Description The issue allows remote attackers to create additional administrative accounts and have other unspecified impact. This is achieved by modifying certain parameters, including username, new pass, new pass2, status, super, in an "add" action in the "manage-admins.php" file.

Recommendations For eSyndiCat Pro version 1.x, consider restricting access to the "manage-admins.php" file until a patch is available. As a temporary workaround, avoid using the parameters username, new pass, new pass2, status, super in the affected "add" action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.