CVE-2006-3479

🗓️ 10 Jul 2006 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 40 Views🌐 WEB

Cross-site request forgery vulnerability in Nuked-Klan 1.7.5 and earlie

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2006-3479	10 Jul 200620:00	–	cvelist
EUVD	EUVD-2006-3474	7 Oct 202500:30	–	euvd
NVD	CVE-2006-3479	10 Jul 200620:05	–	nvd

NVD

Node

nuked-klan nuked-klanRange≤1.7.5

OR

nuked-klan nuked-klanMatch1.7_sp4.2

Source	Link
secunia	www.secunia.com/advisories/20898
vupen	www.vupen.com/english/advisories/2006/2615
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/27490
securityreason	www.securityreason.com/securityalert/1205
securityfocus	www.securityfocus.com/archive/1/438703

Parameter	Position	Path	Description	CWE
op	query param	index.php	CSRF vulnerability allowing deletion of blocks via a crafted link that triggers del_block operation with a modified bid parameter on the block page.	CWE-352
bid	query param	index.php	CSRF vulnerability allowing deletion of blocks via a crafted link that triggers del_block operation with a modified bid parameter on the block page.	CWE-352
op	path	modules/Admin/block.php	del_block endpoint vulnerability in the del_block function called from the admin block management page, exploitable via a crafted request to perform block deletion.	CWE-352
bid	path	modules/Admin/block.php	del_block endpoint vulnerability in the del_block function called from the admin block management page, exploitable via a crafted request to perform block deletion.	CWE-352

16 Apr 2026 00:27Current

7.3High risk

Vulners AI Score7.3

CVSS 25

EPSS0.00483

cve-2006-3479 csrf vulnerability nuked-klan remote attackers block deletion