Search...

CVE-2006-0312

2006-01-18T20:03:00

ID CVE-2006-0312
Type cve
Reporter NVD
Modified 2017-07-19T21:29:38

Description

create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-0312", "bulletinFamily": "NVD", "title": "CVE-2006-0312", "description": "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.", "published": "2006-01-18T20:03:00", "modified": "2017-07-19T21:29:38", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0312", "reporter": "NVD", "references": ["http://mikeheltonisawesome.com/viewcomments.php?idd=46", "http://www.securityfocus.com/bid/16286", "http://evuln.com/vulns/37/summary.html", "http://www.vupen.com/english/advisories/2006/0240", "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24143"], "cvelist": ["CVE-2006-0312"], "type": "cve", "lastseen": "2017-07-20T10:49:03", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:mike_helton:aoblogger:2.3"], "cvelist": ["CVE-2006-0312"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.", "edition": 1, "enchantments": {}, "hash": "001116dda2d85faa402eae7d989c8a2e68e4f3acde92aff4fc66f611a370f86c", "hashmap": [{"hash": "971d498dc28a37bcc0d9e8f418d69928", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "a7177b04e10ad043d98f8a02d36753bb", "key": "references"}, {"hash": "2706823b7afa957a2ba2786a6fd43558", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "f2a7be078a3d0586116733e689e32577", "key": "title"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "8c604402d905aba5d0474ddcfa7eaa31", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1127c29ec14c228316c186fd7f559577", "key": "href"}, {"hash": "9a8b6bf1966c63decedb250f7b8d12b2", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a37efc616bbc5c8605de78c36dc42c1e", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0312", "id": "CVE-2006-0312", "lastseen": "2016-09-03T06:23:29", "modified": "2011-03-07T21:29:46", "objectVersion": "1.2", "published": "2006-01-18T20:03:00", "references": ["http://mikeheltonisawesome.com/viewcomments.php?idd=46", "http://www.securityfocus.com/bid/16286", "http://evuln.com/vulns/37/summary.html", "http://xforce.iss.net/xforce/xfdb/24143", "http://www.vupen.com/english/advisories/2006/0240", "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-0312", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:23:29"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9a8b6bf1966c63decedb250f7b8d12b2"}, {"key": "cvelist", "hash": "2706823b7afa957a2ba2786a6fd43558"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "971d498dc28a37bcc0d9e8f418d69928"}, {"key": "href", "hash": "1127c29ec14c228316c186fd7f559577"}, {"key": "modified", "hash": "72694334b2e0f8921e12356eaea47fee"}, {"key": "published", "hash": "a37efc616bbc5c8605de78c36dc42c1e"}, {"key": "references", "hash": "fb131696f968816efe91927a0652dd53"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "f2a7be078a3d0586116733e689e32577"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e4cedf3bd998179a9f46d25e72ff91a7b5f8d587a5a79f43fe7c5d204ba04614", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-07-20T10:49:03"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:27106"]}, {"type": "osvdb", "idList": ["OSVDB:22528"]}], "modified": "2017-07-20T10:49:03"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:mike_helton:aoblogger:2.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"exploitdb": [{"lastseen": "2016-02-03T05:07:22", "bulletinFamily": "exploit", "description": "aoblogger 2.3 create.php Unauthenticated Entry Creation. CVE-2006-0312. Webapps exploit for php platform", "modified": "2006-01-17T00:00:00", "published": "2006-01-17T00:00:00", "id": "EDB-ID:27106", "href": "https://www.exploit-db.com/exploits/27106/", "type": "exploitdb", "title": "aoblogger 2.3 create.php Unauthenticated Entry Creation", "sourceData": "source: http://www.securityfocus.com/bid/16286/info\r\n \r\nAOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nSuccessful exploitation of these vulnerabilities could allow an attacker to:\r\n \r\n- compromise the application\r\n- access, modify, or create data\r\n- steal cookie-based authentication credentials.\r\n \r\nAn attacker may also be able to exploit vulnerabilities in the underlying database implementation and to launch other attacks.\r\n \r\nVersion 2.3 is vulnerable; other versions may also be affected. \r\n\r\nAn example of new entry creation without proper authorization has been provided:\r\n\r\n<form action=\"http://www.example.com/aoblogger/create.php\" method=\"post\">\r\n<input name=\"uza\" value=1>\r\n<input name=\"title\" value=\"anytitle\">\r\n<textarea name=\"message\">anymessage</textarea>\r\n</form> ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27106/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://mikeheltonisawesome.com/\n[Secunia Advisory ID:16889](https://secuniaresearch.flexerasoftware.com/advisories/16889/)\n[Related OSVDB ID: 22526](https://vulners.com/osvdb/OSVDB:22526)\n[Related OSVDB ID: 22527](https://vulners.com/osvdb/OSVDB:22527)\nOther Advisory URL: http://evuln.com/vulns/37/summary.html\nMail List Post: http://attrition.org/pipermail/vim/2006-April/000700.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html\nKeyword: EV0037\nFrSIRT Advisory: ADV-2006-0240\n[CVE-2006-0312](https://vulners.com/cve/CVE-2006-0312)\nBugtraq ID: 16286\n", "modified": "2006-01-16T04:18:26", "published": "2006-01-16T04:18:26", "href": "https://vulners.com/osvdb/OSVDB:22528", "id": "OSVDB:22528", "type": "osvdb", "title": "aoblogger create.php Unauthenticated Entry Creation", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}