|
|
CVE Reference: CVE-2006-4586 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-4586 |
|
|
Description: The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/28756 ST 1016788 SREASON http://securityreason.com/securityalert/1508 SAID Secunia Advisory: SA21754 OSVDB 28542 MISC http://acid-root.new.fr/poc/10060903.txt MILW0RM http://milw0rm.com/exploits/2297 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/445079/100/0/threaded BID 19834 |
|
| Return to the previous page. |
