Lucene search

[email protected]CVE-2006-0438

HistoryFeb 06, 2006 - 10:02 p.m.

CVE-2006-0438

2006-02-0622:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0438

cross-site request forgery

csrf

phpbb 2.0.19

nvd

security vulnerability

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.03 Low

EPSS

Percentile

90.9%

JSON

Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.

CPENameOperatorVersion
phpbb_group:phpbbphpbb group phpbbeq2.0.5
phpbb_group:phpbbphpbb group phpbbeq2.0.7a
phpbb_group:phpbbphpbb group phpbbeq2.0.8
phpbb_group:phpbbphpbb group phpbbeq2.0.11
phpbb_group:phpbbphpbb group phpbbeq2.0.1
phpbb_group:phpbbphpbb group phpbbeq2.0.13
phpbb_group:phpbbphpbb group phpbbeq2.0.16
phpbb_group:phpbbphpbb group phpbbeq2.0.3
phpbb_group:phpbbphpbb group phpbbeq2.0_rc2
phpbb_group:phpbbphpbb group phpbbeq2.0_rc1

CPE	Name	Operator	Version
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.5
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.7a
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.8
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.11
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.1
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.13
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.16
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.3
phpbb_group:phpbb	phpbb group phpbb	eq	2.0_rc2
phpbb_group:phpbb	phpbb group phpbb	eq	2.0_rc1

Rows per page:

1-10 of 291

References

lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html

secunia.com/advisories/18693

securityreason.com/achievement_securityalert/31

securityreason.com/securityalert/406

www.osvdb.org/22929

www.vupen.com/english/advisories/2006/0445

exchange.xforce.ibmcloud.com/vulnerabilities/24497

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2006-0438

cvelist1 prion1 ubuntucve1 securityvulns1 packetstorm1