exploitDog

CVE-2006-4582

Опубликовано: 31 дек. 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.

Ссылки

http://osvdb.org/32559
http://secunia.com/advisories/21694
Exploit
Vendor Advisory
http://secunia.com/secunia_research/2006-76/advisory/
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31251
http://osvdb.org/32559
http://secunia.com/advisories/21694
Exploit
Vendor Advisory
http://secunia.com/secunia_research/2006-76/advisory/
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31251

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00502

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xvrg-j7m3-pwcr

github

почти 4 года назад

Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.

EPSS

Процентиль: 65%

0.00502

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other