PT-2006-4656 · Deluxebb · Deluxebb

Jessica Hope

Publicado

2006-07-21

Atualizado

2018-10-17

CVE-2006-3796

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DeluxeBB versions 1.07 and earlier

Description The issue arises from improper handling of a username consisting of a single space character. This allows remote authenticated users to login as the "space" user, post as the guest user, and prevent an administrator from banning the "space" user.

Recommendations For DeluxeBB versions 1.07 and earlier, update to a version that properly handles usernames to prevent exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-3796

Produtos afetados

Deluxebb

PT-2006-4656 · Deluxebb · Deluxebb

CVE-2006-3796

Identificadores relacionados

Produtos afetados

Referências · 6