CVE-2006-5909

generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633
http://www.securityfocus.com/bid/20934
http://secunia.com/advisories/24311	Vendor Advisory
http://www.vupen.com/english/advisories/2007/0760	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32700
https://exchange.xforce.ibmcloud.com/vulnerabilities/30037
http://www.securityfocus.com/archive/1/460196/100/0/threaded
http://www.securityfocus.com/archive/1/450679/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:paul_tarjan:stanford_conference_and_research_forum:beta:*:*:*:*:*:*:*

Information

Published : 2006-11-15 07:07

Updated : 2018-10-17 14:45

NVD link : CVE-2006-5909

Mitre link : CVE-2006-5909

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

paul_tarjan

stanford_conference_and_research_forum

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633", "name": "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/20934", "name": "20934", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/24311", "name": "24311", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/0760", "name": "ADV-2007-0760", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32700", "name": "scarf-generaloptions-security-bypass(32700)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30037", "name": "scarf-generaloptions-privilege-escalation(30037)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/460196/100/0/threaded", "name": "20070215 Re: Stanford university SCARF user editing", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/450679/100/0/threaded", "name": "20061104 Stanford university SCARF user editing", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5909", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-11-15T15:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:paul_tarjan:stanford_conference_and_research_forum:beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:45Z"}