Unrated severityNVD Advisory· Published May 22, 2007· Updated Apr 23, 2026

CVE-2007-2822

Description

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

Affected products

Wavelink Media/Tutorialcms
cpe:2.3:a:wavelink_media:tutorialcms:*:*:*:*:*:*:*:*
Range: <=1.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25358nvdVendor Advisory
osvdb.org/36520nvd
www.vupen.com/english/advisories/2007/1903nvd
www.wavelinkmedia.com/scripts/tutorialcms/nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34401nvd
www.exploit-db.com/exploits/3963nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000