exploitDog

CVE-2006-5729

Опубликовано: 06 нояб. 2006

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yazd:yazd_discussion_forum:1.0:*:*:*:*:*:*:*

cpe:2.3:a:yazd:yazd_discussion_forum:2.0:*:*:*:*:*:*:*

cpe:2.3:a:yazd:yazd_discussion_forum:2.1:*:*:*:*:*:*:*

cpe:2.3:a:yazd:yazd_discussion_forum:2.2:*:*:*:*:*:*:*

cpe:2.3:a:yazd:yazd_discussion_forum:2.3:*:*:*:*:*:*:*

cpe:2.3:a:yazd:yazd_discussion_forum:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00588

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-77rw-7fvw-mgvf

github

почти 4 года назад

Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.

EPSS

Процентиль: 69%

0.00588

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other