Lucene search

[email protected]CVE-2006-4078

HistoryAug 11, 2006 - 1:04 a.m.

CVE-2006-4078

2006-08-1101:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4078

pm.php

deluxebb 1.08

authentication bypass

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

Affected configurations

NVD

Node

deluxebbdeluxebbMatch1.08

CPENameOperatorVersion
deluxebb:deluxebbdeluxebbeq1.08

CPE	Name	Operator	Version
deluxebb:deluxebb	deluxebb	eq	1.08

References

secunia.com/advisories/21387

securityreason.com/securityalert/1381

www.osvdb.org/27834

www.securityfocus.com/archive/1/442464/100/0/threaded

www.securityfocus.com/bid/19418

www.vupen.com/english/advisories/2006/3188

exchange.xforce.ibmcloud.com/vulnerabilities/28270

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for CVE-2006-4078

nvd2 cvelist2 cve1 prion1