PT-2006-4658 · Deluxebb · Deluxebb
Jessica Hope
+1
·
Publicado
2006-07-21
·
Atualizado
2018-10-17
·
CVE-2006-3798
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
DeluxeBB versions 1.07 and earlier
Description
The issue allows remote attackers to overwrite certain variables, including
GET, POST, ENV, and SERVER, via the COOKIE variable. This can occur during an extract function call and may lead to security issues due to the "pollution of the global namespace."Recommendations
For DeluxeBB versions 1.07 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Deluxebb