Lucene search

[email protected]NVD:CVE-2006-1267

HistoryMar 19, 2006 - 2:02 a.m.

CVE-2006-1267

2006-03-1902:02:00

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.

Affected configurations

Nvd

Node

invision_power_servicesinvision_power_boardMatch2.1.4

VendorProductVersionCPE
invision_power_servicesinvision_power_board2.1.4cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
invision_power_services	invision_power_board	2.1.4	cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:::::::*

References

www.securityfocus.com/archive/1/427751/100/0/threaded

www.securityfocus.com/archive/1/427847/100/0/threaded

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

Related for NVD:CVE-2006-1267

cvelist1 cve1 prion1