Lucene search

[email protected]CVE-2006-1267

HistoryMar 19, 2006 - 2:02 a.m.

CVE-2006-1267

2006-03-1902:02:00

[email protected]

web.nvd.nist.gov

cve-2006-1267

invision power board

session hijacking

remote attack

administrative privileges

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

72.0%

JSON

Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.

Affected configurations

NVD

Node

invision_power_servicesinvision_power_boardMatch2.1.4

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.4

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.4

References

www.securityfocus.com/archive/1/427751/100/0/threaded

www.securityfocus.com/archive/1/427847/100/0/threaded

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

72.0%

JSON

Related for CVE-2006-1267

cvelist1 nvd1 prion1