CVE-2006-4427

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://efiction.org/forums/index.php?topic=3698	Patch
http://www.securityfocus.com/bid/19717	Patch
http://secunia.com/advisories/21625	Patch Vendor Advisory
http://www.osvdb.org/28237
http://www.vupen.com/english/advisories/2006/3392
https://exchange.xforce.ibmcloud.com/vulnerabilities/28595
https://www.exploit-db.com/exploits/2255

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:efiction:efiction:1.0:::::::*
	cpe:2.3:a:efiction:efiction:1.1:::::::*
	cpe:2.3:a:efiction:efiction:2.0:::::::*
	cpe:2.3:a:efiction:efiction:2.0.6:::::::*

Information

Published : 2006-08-28 17:04

Updated : 2017-10-18 18:29

NVD link : CVE-2006-4427

Mitre link : CVE-2006-4427

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

efiction

efiction

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://efiction.org/forums/index.php?topic=3698", "name": "http://efiction.org/forums/index.php?topic=3698", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/19717", "name": "19717", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21625", "name": "21625", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/28237", "name": "28237", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/3392", "name": "ADV-2006-3392", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28595", "name": "efiction-admin-security-bypass(28595)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/2255", "name": "2255", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to \"1\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4427", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-08-29T00:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:efiction:efiction:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:efiction:efiction:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:efiction:efiction:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:efiction:efiction:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-19T01:29Z"}