Lucene search

[email protected]CVE-2006-2771

HistoryJun 02, 2006 - 10:18 a.m.

CVE-2006-2771

2006-06-0210:18:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

2771

hogstorps

hogstorp

guestbook

admin

radera

tabort

nvd

security vulnerability

remote attack

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.04 Low

EPSS

Percentile

91.9%

JSON

admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.

CPENameOperatorVersion
hogstorps:hogstorp_guestbookhogstorps hogstorp guestbookeq2.0

CPE	Name	Operator	Version
hogstorps:hogstorp_guestbook	hogstorps hogstorp guestbook	eq	2.0

References

colander.altervista.org/advisory/HTGuestBook2.txt

secunia.com/advisories/20402

www.securityfocus.com/bid/18205

www.vupen.com/english/advisories/2006/2082

exchange.xforce.ibmcloud.com/vulnerabilities/26979

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.04 Low

EPSS

Percentile

91.9%

JSON

Related for CVE-2006-2771

prion1