Lucene search

MitreCVE-2006-2896

HistoryJun 07, 2006 - 10:02 a.m.

CVE-2006-2896

2006-06-0710:02:00

mitre

web.nvd.nist.gov

cve-2006-2896

funkboard

cf0.71

profile.php

vulnerability

remote attack

password change

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.177

Percentile

96.2%

JSON

profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.

Affected configurations

Nvd

Node

funkboardfunkboardMatchcf0.71

VendorProductVersionCPE
funkboardfunkboardcf0.71cpe:2.3:a:funkboard:funkboard:cf0.71:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
funkboard	funkboard	cf0.71	cpe:2.3:a:funkboard:funkboard:cf0.71:::::::*

References

secunia.com/advisories/20433

securityreason.com/securityalert/1066

www.funkboard.co.uk/forum/thread.php?id=302

www.securityfocus.com/archive/1/435987/100/0/threaded

www.vupen.com/english/advisories/2006/2158

exchange.xforce.ibmcloud.com/vulnerabilities/26912

www.exploit-db.com/exploits/1875

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.177

Percentile

96.2%

JSON

Related for CVE-2006-2896