CVE-2006-4078

Sažetak

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

Reference

http://secunia.com/advisories/21387
http://securityreason.com/securityalert/1381
http://www.osvdb.org/27834
http://www.securityfocus.com/archive/1/442464/100/0/threaded
http://www.securityfocus.com/bid/19418
http://www.vupen.com/english/advisories/2006/3188
https://exchange.xforce.ibmcloud.com/vulnerabilities/28270

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:33

Objavljeno

11-08-2006 - 01:04