CVE-2006-4586

{"id": "CVE-2006-4586", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-09-06T22:04:00.000", "references": [{"url": "http://acid-root.new.fr/poc/10060903.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21754", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1508", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016788", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28542", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/445079/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19834", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3452", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28756", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2297", "source": "cve@mitre.org"}, {"url": "http://acid-root.new.fr/poc/10060903.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/21754", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1508", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016788", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/28542", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/445079/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/19834", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/3452", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28756", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/2297", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges."}, {"lang": "es", "value": "El panel de administraci\u00f3n en Tr Forum 2.0 acepta un hash para el nombre de usuario y contrase\u00f1a para su validaci\u00f3n, lo cual permite que un usurio remoto validado realizar acciones para las que no estaba autorizado, seg\u00fan lo demostrado en la modificaci\u00f3n de los ajustes del usuario a trav\u00e9s del par\u00e1metro id a /membres/modif_profil.php, y cambiando la contrase\u00f1a /membres/change_mdp.php. NOTA: esto puede ser acoplado con otras vulnerabilidades de Tr Forum que permiten a atacantes no validados escalar privilegios."}], "lastModified": "2024-11-21T00:16:18.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tr_forum:tr_forum:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E83DC88-E354-46FF-83EE-B6ADB2D60328"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}