CVE-2006-4078

Опубликовано: 11 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

Ссылки

http://secunia.com/advisories/21387
Patch
Vendor Advisory
http://securityreason.com/securityalert/1381
http://www.osvdb.org/27834
http://www.securityfocus.com/archive/1/442464/100/0/threaded
http://www.securityfocus.com/bid/19418
http://www.vupen.com/english/advisories/2006/3188
https://exchange.xforce.ibmcloud.com/vulnerabilities/28270
http://secunia.com/advisories/21387
Patch
Vendor Advisory
http://securityreason.com/securityalert/1381
http://www.osvdb.org/27834
http://www.securityfocus.com/archive/1/442464/100/0/threaded
http://www.securityfocus.com/bid/19418
http://www.vupen.com/english/advisories/2006/3188
https://exchange.xforce.ibmcloud.com/vulnerabilities/28270

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deluxebb:deluxebb:1.08:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00978

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-f665-qj55-6rrx

github

почти 4 года назад