Critical severity9.8NVD Advisory· Published Feb 3, 2007· Updated Apr 23, 2026

CVE-2007-0681

Description

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

Affected products

Extcalendar/Extcalendar
cpe:2.3:a:extcalendar_project:extcalendar:*:*:*:*:*:*:*:*
Range: <=2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/3239nvdExploitThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/32035nvdThird Party AdvisoryVDB Entry
osvdb.org/38130nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000