PT-2006-5367 · Unknown · The Address Book

Published 2006-12-31 · Updated 2017-07-20 · CVE-2006-4580

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

The Address Book version 1.04e

Description

The issue allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users. This is achieved by setting the mode parameter to "confirm" in the register.php file.

Recommendations

For version 1.04e, consider restricting access to the register.php file until a patch is available, or disable the self-registration feature altogether to prevent exploitation. Avoid using the mode parameter with the value "confirm" in the register.php file until the issue is resolved.

Related identifiers

CVE-2006-4580

Affected products

The Address Book