CVE-2006-3272

Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20770
https://exchange.xforce.ibmcloud.com/vulnerabilities/27307
http://secunia.com/advisories/20770
https://exchange.xforce.ibmcloud.com/vulnerabilities/27307

Configurations

Configuration 1 (hide)

cpe:2.3:a:astrodog_press:some_chess:1.5_rc2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:13

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/20770 -~~	() http://secunia.com/advisories/20770 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27307 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27307 -

Information

Published : 2006-06-28 22:05

Updated : 2024-11-21 00:13

NVD link : CVE-2006-3272

Mitre link : CVE-2006-3272

CVE.ORG link : CVE-2006-3272

JSON object : View

Products Affected

astrodog_press

some_chess

CWE

NVD-CWE-Other

{"id": "CVE-2006-3272", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-06-28T22:05:00.000", "references": [{"url": "http://secunia.com/advisories/20770", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27307", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20770", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27307", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en menu.php en Some Chess v1.5 rc2 permite a atacantes remotos realizar acciones como otro usuario, tales como cambiar nombres de usuario y contrase\u00f1as, mediante vectores no especificados. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido exclusivamente de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T00:13:13.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:astrodog_press:some_chess:1.5_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF74DDF5-817C-49B1-861A-7266D10865AD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}