Lucene search

[email protected]NVD:CVE-2006-4078

HistoryAug 11, 2006 - 1:04 a.m.

CVE-2006-4078

2006-08-1101:04:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

Affected configurations

NVD

Node

deluxebbdeluxebbMatch1.08

References

secunia.com/advisories/21387

securityreason.com/securityalert/1381

www.osvdb.org/27834

www.securityfocus.com/archive/1/442464/100/0/threaded

www.securityfocus.com/bid/19418

www.vupen.com/english/advisories/2006/3188

exchange.xforce.ibmcloud.com/vulnerabilities/28270

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for NVD:CVE-2006-4078

cvelist2 cve2 nvd1 prion1