Lucene search

[email protected]CVE-2006-3206

HistoryJun 24, 2006 - 1:06 a.m.

CVE-2006-3206

2006-06-2401:06:00

[email protected]

web.nvd.nist.gov

cve-2006-3206

upb

remote attackers

arbitrary accounts

signature field

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.6%

JSON

register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the “[NR]” sequence in the signature field, which is used to separate multiple records.

Affected configurations

NVD

Node

ultimate_php_boardultimate_php_boardMatch1.8

ultimate_php_boardultimate_php_boardMatch1.8.2

ultimate_php_boardultimate_php_boardMatch1.9

ultimate_php_boardultimate_php_boardMatch1.9.6

CPENameOperatorVersion
ultimate_php_board:ultimate_php_boardultimate php boardeq1.8
ultimate_php_board:ultimate_php_boardultimate php boardeq1.8.2
ultimate_php_board:ultimate_php_boardultimate php boardeq1.9
ultimate_php_board:ultimate_php_boardultimate php boardeq1.9.6

CPE	Name	Operator	Version
ultimate_php_board:ultimate_php_board	ultimate php board	eq	1.8
ultimate_php_board:ultimate_php_board	ultimate php board	eq	1.8.2
ultimate_php_board:ultimate_php_board	ultimate php board	eq	1.9
ultimate_php_board:ultimate_php_board	ultimate php board	eq	1.9.6

References

securityreason.com/securityalert/1138

www.securityfocus.com/archive/1/437875/100/0/threaded

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for CVE-2006-3206

nvd1 cvelist1