PT-2006-3814 · Funkboard · Funkboard

Ajann · Published 2006-06-07 · Updated 2018-10-18 · CVE-2006-2896

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
FunkBoard version CF0.71

Description
The issue allows remote attackers to change arbitrary passwords. This is achieved by modifying the uid hidden form field in an Edit Profile action on the profile.php page.

Recommendations
For FunkBoard version CF0.71, consider disabling the Edit Profile action on the profile.php page until a patch is available. Restrict access to the profile.php page to minimize the risk of exploitation. Avoid using the uid hidden form field in the Edit Profile action until the issue is resolved.
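
The flaw class described above, next to a server-side correction, as an added example that is not FunkBoard's code or part of the original advisory. Only the uid form field comes from the advisory; the function names, the newpass field, the session key and the in-memory user table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; hypothetical handlers, not FunkBoard's code. Only the
// `uid` form field comes from the advisory; `newpass` and the rest are assumed.

// Flawed pattern: the account to modify is taken from the submitted form.
function edit_profile_vulnerable(array $post, array &$users): bool
{
    $uid = (int)($post['uid'] ?? 0);   // client-controlled hidden field
    if (!isset($users[$uid])) {
        return false;
    }
    $users[$uid]['pass'] = password_hash((string)($post['newpass'] ?? ''), PASSWORD_DEFAULT);
    return true;
}

// Hardened pattern: the account is taken only from the server-side session.
function edit_profile_hardened(array $session, array $post, array &$users): bool
{
    $uid = $session['uid'] ?? null;    // set at login, never read from the request
    if (!is_int($uid) || !isset($users[$uid])) {
        return false;                  // no authenticated user
    }
    // A posted uid that disagrees with the session indicates tampering.
    if (isset($post['uid']) && (int)$post['uid'] !== $uid) {
        error_log(sprintf('profile edit refused: posted uid %d, session uid %d', (int)$post['uid'], $uid));
        return false;
    }
    $new = (string)($post['newpass'] ?? '');
    if ($new === '') {
        return false;
    }
    $users[$uid]['pass'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// Constructed sample data: two accounts, user 2 logged in, form names user 1.
$users = [
    1 => ['name' => 'alice', 'pass' => password_hash('alice-old', PASSWORD_DEFAULT)],
    2 => ['name' => 'bob',   'pass' => password_hash('bob-old', PASSWORD_DEFAULT)],
];
$session = ['uid' => 2];
$form    = ['uid' => '1', 'newpass' => 'set-by-user-2'];

$a = $users;
edit_profile_vulnerable($form, $a);
echo 'flawed: account 1 password replaced = ', var_export(password_verify('set-by-user-2', $a[1]['pass']), true), PHP_EOL;
$b = $users;
echo 'hardened: request accepted = ', var_export(edit_profile_hardened($session, $form, $b), true), PHP_EOL;
echo 'hardened: account 1 password intact = ', var_export(password_verify('alice-old', $b[1]['pass']), true), PHP_EOL;
```

The refusal written by error_log gives operators a signal to alert on: a profile edit whose posted uid differs from the session's.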


Related Identifiers
CVE-2006-2896

Affected Products
Funkboard