Lucene search

MitreCVE-2006-4427

HistoryAug 29, 2006 - 12:04 a.m.

CVE-2006-4427

2006-08-2900:04:00

mitre

web.nvd.nist.gov

efiction

authentication bypass

index.php

cve-2006-4427

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.111

Percentile

95.2%

JSON

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to “1”.

Affected configurations

Nvd

Node

efictionefictionMatch1.0

efictionefictionMatch1.1

efictionefictionMatch2.0

efictionefictionMatch2.0.6

VendorProductVersionCPE
efictionefiction1.0cpe:2.3:a:efiction:efiction:1.0:*:*:*:*:*:*:*
efictionefiction1.1cpe:2.3:a:efiction:efiction:1.1:*:*:*:*:*:*:*
efictionefiction2.0cpe:2.3:a:efiction:efiction:2.0:*:*:*:*:*:*:*
efictionefiction2.0.6cpe:2.3:a:efiction:efiction:2.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
efiction	efiction	1.0	cpe:2.3:a:efiction:efiction:1.0:::::::*
efiction	efiction	1.1	cpe:2.3:a:efiction:efiction:1.1:::::::*
efiction	efiction	2.0	cpe:2.3:a:efiction:efiction:2.0:::::::*
efiction	efiction	2.0.6	cpe:2.3:a:efiction:efiction:2.0.6:::::::*

References

efiction.org/forums/index.php?topic=3698

secunia.com/advisories/21625

www.osvdb.org/28237

www.securityfocus.com/bid/19717

www.vupen.com/english/advisories/2006/3392

exchange.xforce.ibmcloud.com/vulnerabilities/28595

www.exploit-db.com/exploits/2255

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.111

Percentile

95.2%

JSON

Related for CVE-2006-4427