CVE-2006-6246

{"id": "CVE-2006-6246", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-04T11:28:00.000", "references": [{"url": "http://bugs.shaftnet.org/task/113", "source": "cve@mitre.org"}, {"url": "http://po.shaftnet.org/po_stable_changelog", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23176", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21351", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4766", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577", "source": "cve@mitre.org"}, {"url": "http://bugs.shaftnet.org/task/113", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://po.shaftnet.org/po_stable_changelog", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23176", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21351", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4766", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations."}, {"lang": "es", "value": "Photo Organizer 2.32b y anteriores no comprueban adecuadamente la propiedad de ciertos objetos, lo cual permite a atacantes remotos obtener acceso no autorizado a trav\u00e9s de vectores relacionados con (1) borrado de c\u00e1mara, (2) edici\u00f3n de c\u00e1mara, (3) borrado de carpeta/\u00e1lbum, (4) mover foto (photo.move), (5) indizador de contenido (content.indexer), (6) contenido de carpeta (folder.content), y posiblemente otras operaciones."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:photo_organizer:photo_organizer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA8F3F3-B81C-4CFF-B4E4-8CC06E6DBA0E", "versionEndIncluding": "2.32b"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}