PT-2006-5367 · Unknown · The Address Book

Published: 2006-12-31 · Updated: 2017-07-20 · CVE-2006-4580

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: The Address Book version 1.04e

Description: The issue allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users. This is achieved by setting the mode parameter to "confirm" in the register.php file.

Recommendations: For version 1.04e, consider restricting access to the register.php file until a patch is available, or disable the self-registration feature altogether to prevent exploitation. Avoid using the mode parameter with the value "confirm" in the register.php file until the issue is resolved.

Related Identifiers

CVE-2006-4580

Affected Products

The Address Book