CVE-2006-4582

{"id": "CVE-2006-4582", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"url": "http://osvdb.org/32559", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/21694", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2006-76/advisory/", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31251", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://osvdb.org/32559", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/21694", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/secunia_research/2006-76/advisory/", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31251", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php."}, {"lang": "es", "value": "Vulnerabilidad en la falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el Address Book 1.04e permite a atacantes remotos la realizaci\u00f3n de acciones no autorizadas, como otros usuarios, mediante vectores sin especificar, como lo demostrado mediante el borrado de usuarios de nuestra elecci\u00f3n a trav\u00e9s del par\u00e1metro id en la acci\u00f3n deleteuser en el users.php."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "987F84E0-1A6B-484B-B973-9AE2E3ADB435"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}