Lucene search

[email protected]CVE-2006-5737

HistoryNov 06, 2006 - 6:07 p.m.

CVE-2006-5737

2006-11-0618:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

punbb

cve-2006-5737

cookie_seed

security vulnerability

unauthorized actions

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.

CPENameOperatorVersion
punbb:punbbpunbbeq1.2.14

CPE	Name	Operator	Version
punbb:punbb	punbb	eq	1.2.14

References

securitytracker.com/id?1017131

www.osvdb.org/30134

www.securityfocus.com/archive/1/450055/100/0/threaded

www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2006-5737

cve1 prion1