Unrated severityNVD Advisory· Published Jul 10, 2007· Updated Apr 23, 2026
CVE-2007-3630
CVE-2007-3630
Description
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
Affected products
1- cpe:2.3:a:av_scripts:av_tutorial_script:1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.