CVE-2006-4586

Name of the Vulnerable Software and Affected Versions Tr Forum version 2.0

Description The issue allows remote authenticated users to perform unauthorized actions. This can be achieved by modifying user settings via the id parameter to "/membres/modif profil.php" and changing a password via "/membres/change mdp.php". It is also possible to leverage this issue with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.

Recommendations For Tr Forum version 2.0, consider restricting access to the "/membres/modif profil.php" and "/membres/change mdp.php" API endpoints until a patch is available. As a temporary workaround, restrict the use of the id parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.