CVE-2006-4427

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://efiction.org/forums/index.php?topic=3698	Patch
http://secunia.com/advisories/21625	Patch Vendor Advisory
http://www.osvdb.org/28237
http://www.securityfocus.com/bid/19717	Patch
http://www.vupen.com/english/advisories/2006/3392
https://exchange.xforce.ibmcloud.com/vulnerabilities/28595
https://www.exploit-db.com/exploits/2255

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:efiction:efiction:1.0:::::::*
	cpe:2.3:a:efiction:efiction:1.1:::::::*
	cpe:2.3:a:efiction:efiction:2.0:::::::*
	cpe:2.3:a:efiction:efiction:2.0.6:::::::*

History

No history.

Information

Published : 2006-08-29 00:04

Updated : 2024-02-28 10:42

NVD link : CVE-2006-4427

Mitre link : CVE-2006-4427

CVE.ORG link : CVE-2006-4427

JSON object : View

Products Affected

efiction

efiction

CWE

NVD-CWE-Other

{"id": "CVE-2006-4427", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-08-29T00:04:00.000", "references": [{"url": "http://efiction.org/forums/index.php?topic=3698", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21625", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28237", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19717", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3392", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28595", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2255", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to \"1\"."}, {"lang": "es", "value": "index.php en eFiction anteriores a 2.0.7 permite a atacantes remotos evitar la autenticaci\u00f3n y escalar privilegios modificando a \"1\" los par\u00e1metros (1) adminloggedin, (2) loggedin, y (3) level."}], "lastModified": "2017-10-19T01:29:21.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:efiction:efiction:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF9B6EFE-A3C7-469A-A024-7AF2E75DA838"}, {"criteria": "cpe:2.3:a:efiction:efiction:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C196090-0580-4127-8FED-FC0B578BA29A"}, {"criteria": "cpe:2.3:a:efiction:efiction:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C609477-2DEE-4F49-82F1-ED8343C2C7F6"}, {"criteria": "cpe:2.3:a:efiction:efiction:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09FCC217-970B-4844-88E2-430A8BCEAF3B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}