PT-2006-3814 · Funkboard · Funkboard

Ajann · Published 2006-06-07 · Updated 2018-10-18 · CVE-2006-2896

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
FunkBoard version CF0.71

Description
The issue allows remote attackers to change arbitrary passwords. This is achieved by modifying the uid hidden form field in an Edit Profile action on the profile.php page.

Recommendations
For FunkBoard version CF0.71, consider disabling the Edit Profile action on the profile.php page until a patch is available. Restrict access to the profile.php page to minimize the risk of exploitation. Avoid using the uid hidden form field in the Edit Profile action until the issue is resolved.
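
The recommendation to stop relying on the uid hidden form field, shown as an added PHP example (not FunkBoard's code and not part of the original advisory): the pattern the description names beside a handler that takes the account id from the server-side session, rejects and logs a mismatching posted uid, and requires the current password. The function names, the in-memory $users table, and the session and form field names other than uid are assumptions.

```php
<?php
// Added example with hypothetical names; not FunkBoard's code.
// Constructed in-memory user table standing in for the forum database.
$users = [
    1 => ['name' => 'admin', 'hash' => password_hash('admin-old', PASSWORD_DEFAULT)],
    2 => ['name' => 'alice', 'hash' => password_hash('alice-old', PASSWORD_DEFAULT)],
];

// Pattern the advisory describes: the account to edit is whatever uid the
// client sends back in the hidden form field.
function edit_profile_vulnerable(array &$users, array $post): bool
{
    $uid = (int) ($post['uid'] ?? 0);
    if (!isset($users[$uid], $post['new_password'])) {
        return false;
    }
    $users[$uid]['hash'] = password_hash($post['new_password'], PASSWORD_DEFAULT);
    return true;
}

// Hardened pattern: identity comes only from the server-side session.
function edit_profile_hardened(array &$users, array $session, array $post): bool
{
    $uid = $session['uid'] ?? null;
    if (!is_int($uid) || !isset($users[$uid], $post['new_password'])) {
        return false; // not logged in, or incomplete form
    }
    // A posted uid that disagrees with the session is a tampering signal.
    if (isset($post['uid']) && (int) $post['uid'] !== $uid) {
        error_log("profile edit rejected: session uid=$uid, posted uid=" . (int) $post['uid']);
        return false;
    }
    // Re-authenticate before changing the credential.
    if (!password_verify($post['current_password'] ?? '', $users[$uid]['hash'])) {
        return false;
    }
    $users[$uid]['hash'] = password_hash($post['new_password'], PASSWORD_DEFAULT);
    return true;
}

// Constructed request: uid 2 is logged in, but the form's uid was changed to 1.
$session = ['uid' => 2];
$post = ['uid' => '1', 'current_password' => 'alice-old', 'new_password' => 'changed'];

$copy = $users; // PHP arrays copy by value, so $users stays untouched here
var_dump(edit_profile_vulnerable($copy, $post));           // handler result
var_dump(password_verify('changed', $copy[1]['hash']));    // was uid 1's password replaced?
var_dump(edit_profile_hardened($users, $session, $post));  // handler result
var_dump(password_verify('admin-old', $users[1]['hash'])); // is uid 1's password intact?
```

The error_log line in the hardened handler doubles as a detection signal: a posted uid that differs from the session uid should never occur in normal use of the form.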


Related identifiers

CVE-2006-2896

Affected products

Funkboard