Unrated severityNVD Advisory· Published Apr 11, 2007· Updated Apr 23, 2026

CVE-2007-1364

Description

DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.

Affected products

Dropafew/Dropafew
cpe:2.3:a:dropafew:dropafew:*:*:*:*:*:*:*:*
Range: <=0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dropafew.com/sphpblog/comments.phpnvdPatch
www.securityfocus.com/bid/23400nvdExploit
secunia.com/advisories/24861nvdVendor Advisory
www.cynops.de/advisories/CVE-2007-1363.txtnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/33561nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000