CVE-2007-5644 Information

Description

Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php which allows remote attackers to conduct unauthorized sort operations and other activities.

Reference

https://www.exploit-db.com/exploits/4548