PT-2007-4885 · Avtutorial · Av Tutorial Script

Dj7Xpl · Published 2007-07-10 · Updated 2017-09-29 · CVE-2007-3630

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
AV Tutorial Script (avtutorial) version 1.0

Description
The issue allows remote attackers to change the passwords of arbitrary users without authenticating and without knowing the old password. This is achieved by modifying the password parameter sent to "changePW.php".

Recommendations
For AV Tutorial Script (avtutorial) version 1.0, require authentication and verification of the old password in the password change functionality in "changePW.php" to prevent unauthorized password changes. As a temporary workaround, restrict access to "changePW.php" until a proper fix is implemented.
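
One way to implement the recommended authentication and old-password check, as an added example that is not AV Tutorial Script's code or a vendor fix. The `users` schema, the session-derived user id and the function name `change_password` are assumptions, and the demo data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handler. Schema, function name and the idea that the
// caller passes $_SESSION['user_id'] (or null) are assumptions for illustration.
function change_password(PDO $db, ?int $sessionUserId, string $old, string $new): string
{
    // 1. Authentication: the account to modify comes from the server-side
    //    session, never from a request parameter the client controls.
    if ($sessionUserId === null) {
        return 'denied: not logged in';
    }

    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE id = ?');
    $stmt->execute([$sessionUserId]);
    $hash = $stmt->fetchColumn();

    // 2. Old password verification: the caller must prove knowledge of the
    //    current password before it can be replaced.
    if ($hash === false || !password_verify($old, (string) $hash)) {
        return 'denied: old password incorrect';
    }

    // 3. Store only a salted hash of the new password.
    $upd = $db->prepare('UPDATE users SET pw_hash = ? WHERE id = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $sessionUserId]);
    return 'ok';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (id, pw_hash) VALUES (?, ?)');
$ins->execute([1, password_hash('constructed-old-pw', PASSWORD_DEFAULT)]);

// Three cases: no session, wrong old password, valid request.
echo change_password($db, null, 'anything', 'constructed-new-pw'), PHP_EOL;
echo change_password($db, 1, 'wrong-guess', 'constructed-new-pw'), PHP_EOL;
echo change_password($db, 1, 'constructed-old-pw', 'constructed-new-pw'), PHP_EOL;
```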

Related Identifiers

CVE-2007-3630

Affected Products

Av Tutorial Script