CVE-2007-0681 Information

Description

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password and possibly perform other unauthorized actions via modified values to register.php.

Reference

http://osvdb.org/38130 https://exchange.xforce.ibmcloud.com/vulnerabilities/32035 https://www.exploit-db.com/exploits/3239