PT-2007-6728 · Agtc · Agtc-Membership System

Published: 2007-10-31 · Updated: 2018-10-15 · CVE-2007-5752

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AGTC-Membership System version 1.1a

Description

The issue concerns the adduser.php file, which does not require authentication. This allows remote attackers to create accounts by modifying the form. For example, an attacker can create an account with admin privileges, specifically userlevel 4.

Recommendations

For AGTC-Membership System version 1.1a, consider implementing authentication requirements for the adduser.php file to prevent unauthorized account creation. As a temporary workaround, restrict access to the adduser.php file until a proper authentication mechanism is in place.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2007-5752

Affected Products

Agtc-Membership System