Lucene search

[email protected]CVE-2006-2636

HistoryMay 30, 2006 - 10:02 a.m.

CVE-2006-2636

2006-05-3010:02:00

CWE-287

[email protected]

web.nvd.nist.gov

katy whitton

newscmslite

cve-2006-2636

authentication bypass

remote access

nvd

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.107 Low

EPSS

Percentile

95.0%

JSON

newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to “xY1zZoPQ”.

CPENameOperatorVersion
katy_whitton:newscmslitekaty whitton newscmsliteeq*

CPE	Name	Operator	Version
katy_whitton:newscmslite	katy whitton newscmslite	eq	*

References

secunia.com/advisories/20294

securityreason.com/securityalert/974

www.bugreport.ir/index_62.htm

www.kapda.ir/advisory-332.html

www.securityfocus.com/archive/1/435019/100/0/threaded

www.securityfocus.com/archive/1/500407/100/0/threaded

www.vupen.com/english/advisories/2006/1993

exchange.xforce.ibmcloud.com/vulnerabilities/26698

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.107 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2006-2636

prion1 cve1