### [CVE-2007-3611](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3611)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.

### POC

#### Reference
- https://www.exploit-db.com/exploits/4150

#### Github
No PoCs found on GitHub currently.