PT-2006-4656 · Deluxebb · Deluxebb

Jessica Hope

Published

2006-07-21

Updated

2018-10-17

CVE-2006-3796

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DeluxeBB versions 1.07 and earlier

Description The issue arises from improper handling of a username consisting of a single space character. This allows remote authenticated users to login as the "space" user, post as the guest user, and prevent an administrator from banning the "space" user.

Recommendations For DeluxeBB versions 1.07 and earlier, update to a version that properly handles usernames to prevent exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3796

Affected Products

Deluxebb

PT-2006-4656 · Deluxebb · Deluxebb

CVE-2006-3796

Related Identifiers

Affected Products

References · 6