CVE-2007-2822

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/05/2007
Last modified:
09/04/2025

Description

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:wavelink_media:tutorialcms:*:*:*:*:*:*:*:* 1.01 (including)