CVE-2006-5909

generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/24311	Vendor Advisory
http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633
http://www.securityfocus.com/archive/1/450679/100/0/threaded
http://www.securityfocus.com/archive/1/460196/100/0/threaded
http://www.securityfocus.com/bid/20934
http://www.vupen.com/english/advisories/2007/0760	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30037
https://exchange.xforce.ibmcloud.com/vulnerabilities/32700

Configurations

Configuration 1 (hide)

cpe:2.3:a:paul_tarjan:stanford_conference_and_research_forum:beta:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-11-15 15:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5909

Mitre link : CVE-2006-5909

CVE.ORG link : CVE-2006-5909

JSON object : View

Products Affected

paul_tarjan

stanford_conference_and_research_forum

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2006-5909", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-15T15:07:00.000", "references": [{"url": "http://secunia.com/advisories/24311", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/450679/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/460196/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20934", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0760", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30037", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32700", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts."}, {"lang": "es", "value": "generaloptions.php en Paul Tarjan Stanford Conference And Research Forum (SCARF) no requiere privilegios de administrador, lo cual permite a un atacante remoto reconfigurar la aplicaci\u00f3n o las cuentas de usuario."}], "lastModified": "2018-10-17T21:45:53.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paul_tarjan:stanford_conference_and_research_forum:beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC48D849-D445-42ED-B035-6A73FD8C9CEB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}