Lucene search

[email protected]CVE-2006-4653

HistorySep 09, 2006 - 12:04 a.m.

CVE-2006-4653

2006-09-0900:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

4653

amazing little poll

picture poll

sensitive information

access control

remote attackers

admin password

lp_settings

nvd

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).

CPENameOperatorVersion
amazing_little_poll:amazing_little_pollamazing little polleq*
amazing_little_picture_poll:amazing_little_picture_pollamazing little picture polleq*

CPE	Name	Operator	Version
amazing_little_poll:amazing_little_poll	amazing little poll	eq	*
amazing_little_picture_poll:amazing_little_picture_poll	amazing little picture poll	eq	*

References

secunia.com/advisories/21997

securityreason.com/securityalert/1527

www.securityfocus.com/archive/1/445081/100/0/threaded

www.securityfocus.com/bid/19837

www.vupen.com/english/advisories/2006/3687

exchange.xforce.ibmcloud.com/vulnerabilities/28737

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON